Abstract. We consider the problem of reasoning and planning with incomplete knowledge
and deterministic actions. We introduce a knowledge representation scheme called
PSIPLAN that can effectively represent incompleteness of an agent's knowledge while
allowing for sound, complete and tractable entailment in domains where the set of all objects
is either unknown or infinite. We present a procedure for state update resulting from
taking an action in PSIPLAN that is correct, complete and has only polynomial complexity.
State update is performed without considering the set of all possible worlds corresponding
to the knowledge state. As a result, planning with PSIPLAN is done without direct
manipulation of possible worlds. PSIPLAN representation underlies the PSIPOP planning
algorithm that handles quantified goals with or without exceptions that no other
domain independent planner has been shown to achieve. PSIPLAN has been implemented
in Common Lisp and used in an application on planning in a collaborative interface.



1. Introduction 

Much progress has been made in the area of planning with a correct but incomplete 
description of the world, i.e. an open world. However, so far there have been relatively few 
formalisms proposed for efficient open world representation and reasoning in the domains 
with a very large or unknown set of individual objects. This paper describes a representation,
called PSIPLAN, for planning with incomplete information about the initial state,
that handles open world planning problems that have not been shown to be solved by any 
other implemented domain independent planning system. 

For an example of an open world problem, consider a robot operating in a warehouse 
that is given a goal of delivering box A to the front door. The robot can pick up only 
those boxes that do not contain fragile items. To pick up box A the robot does not need 
to know the location of all fragile items, nor the precise contents of box A. It is sufficient 
to know that A has no fragile items. Thus, in such situations, if the robot knows that (a) 
no containers have fragile goods except for B, it can safely pick up box A. When the list 
of all containers that the robot might eventually have to reason about is unknown, it is 
impossible to represent (a) by enumerating all containers that do not have fragile goods. 
Thus to include (a) in the robot's description of the state, or to represent a goal such as
there is nothing at the front door except for box A, a quantified statement is necessary. 

The robot must be able to update quickly and correctly its knowledge of the state that 
results from performing an action. For instance, after a new container C, whose contents 
are unknown, is added to the warehouse, the robot's updated state must reflect that (b) 
there are no containers with fragile goods except for B and possibly C. 

Effective and efficient operation in a partially known environment may require the 
ability to satisfy knowledge goals, such as for example, (c) identify all containers with fragile 
goods that will be shipped to Boston, and sensing actions that return information about the 
world, such as examining the contents of a box, or determining a box's destination from its 
label. A robot that is able to reason in a sound and complete manner about its knowledge 
and lack of knowledge is better equipped to handle such knowledge goals. For instance, 
knowing only (b) plus that C's destination is Chicago, when given a knowledge goal (c), 
the robot must be able to conclude that the only necessary information that is missing is 
the destination of B. Such precision of reasoning ensures that sensing is non-redundant and 
relies on sound and complete reasoning in the underlying representation. 

As this example demonstrates, a representation used in an open-world application must 
distinguish between propositions whose truth value the agent knows and those whose truth 
value it does not know. Merely listing all facts marked with their truth value is inefficient 
when the set of all domain objects is very large because, typically, the number of atoms 
whose value is known to be false is large. For example, the set of all objects that are 
not in box A could be very large. Furthermore, such enumeration of known atoms is 
impossible when the set of all domain objects is infinite or unknown. A key requirement 
of an open world planning representation with partially unknown or infinite domains is to 
allow quantification for (at least) negative information while retaining efficient reasoning. 

In this paper we present a representation for open world reasoning that uses a class
of quantified sentences with exceptions that we call $\psi$-forms. $\psi$-forms represent quantified
negative information such as the following statement: there are no containers with fragile
goods except for possibly B and C. We present an efficient calculus for $\psi$-forms, that includes
a sound and complete entailment procedure that takes polynomial time under certain
reasonable assumptions on the structure of $\psi$-forms.

Further, we present a formalism called PSIPLAN, based on $\psi$-forms, for reasoning and
planning in partially known worlds. PSIPLAN offers a unique combination of tractability,
expressivity and completeness of reasoning. This makes it uniquely suited for applications
where the set of all domain objects can never be acquired, and the ability to generate
and explore alternative plans while avoiding redundant execution is critical. One of the
advantages of PSIPLAN compared to other representations used in open world planners,
is the fact that all reasoning about actions and states in PSIPLAN is carried out without 
an explicit manipulation of the set of possible worlds. This property reduces a planner's 
sensitivity to the amount of irrelevant information, which causes some planners that use 
explicit enumeration of the possible worlds to blow up. 

A partial order planning algorithm ([31]) called PSIPOP based on PSIPLAN is presented
in UJ. PSIPOP is sound and complete for the planning domains in which the set
of all domain objects is infinite or can never be fully acquired. As a partial order planner,
PSIPOP produces a solution in a form of a partially ordered set of steps, which can be
linearized or used as a basis for a parallelized plan. The goal language of PSIPOP includes
quantified goals with exceptions such as (b) that no other implemented domain independent
planner has been shown to handle.

An extension of PSIPLAN that includes sensing actions and knowledge goals is presented
in P] . A planner that uses the extended representation for planning with sensing and
interleaved execution (PSIPOP-SE) was used in a collaborative interface called Writer's Aid
[3]. Writer's Aid helps an author writing an academic manuscript by simultaneously and
autonomously identifying, locating and downloading relevant bibliographic records and papers
from the author's preferred local and Internet sources. The use of PSIPLAN at the core
of Writer's Aid ensures the expressiveness of its goal language, and its ability to precisely 
identify the missing information and never engage in redundant search, while exploring all 
possible courses of action. 

In this paper we make the following contributions: 

• We present a complete description of the language of $\psi$-forms and $\psi$-form calculus,
and report on the complexity of the calculus operations. The $\psi$-form calculus is an
integral and critical part of PSIPLAN reasoning, and, thus, its algorithms, complexity
and completeness properties bear direct effect on the properties of PSIPLAN-based
planners (0 121 El) as well as a Graphplan-style (|D|) conformant planner
currently under development.)

• We introduce PSIPLAN representation of an agent's incomplete state of knowledge 
and illustrate it with examples. We further present PSIPLAN's action language and 
a procedure for state update after an action, and prove important properties of the 
update procedure, including its completeness. 

1.1. Prior Approaches. The lack of universally quantified reasoning in open-world planners
(e.g.^J, [Tl|.|36j. 001) EH- P [25] . [SHO precludes their use in domains in which
the set of all objects is not known, very large, or infinite ((Ml, |16j L

On the other hand, situation calculus-based approaches (e.g. ^Hl> |34j . |26j ^ have the
expressivity of full first order logic (FOL), and thus admit planning problems with arbitrary
quantified formulas. However, a complete planner based on the unrestricted situation
calculus, i.e. that relies upon the full FOL, is impossible due to the undecidability of
entailment in FOL. Recently, Liu and Levesque have presented a subset of situation calculus,
with a tractable, sound and complete action projection under certain restrictions (J3U| ).
Other related approaches to reasoning about actions incorporating first-order features are
presented in (37j and [SHI- These works are reviewed in Section

The LCW (for Locally Closed Worlds) language of Etzioni et al. JH] is designed to
achieve expressivity and tractability for open world reasoning and is most closely related to
PSIPLAN. LCW sentences specify the parts of the world for which the agent has complete
information. It does this by collecting formulas $\Phi$ where the agent knows the truth value
of every ground instance of $\Phi$. For example, if the agent knows all fragile items that are
in box B, it states $LCW(\mathit{In}(x, B) \land \mathit{Fragile}(x))$. Combined with a propositional database
that states that $\mathit{In}(\mathit{Vase}, B)$, $\mathit{Fragile}(\mathit{Vase})$, the agent can conclude that nothing is fragile
in B except for the Vase.

LCW reasoning, although tractable, is incomplete |16[ 1^. There are two sources of
incompleteness in LCW: (1) incompleteness of inference and (2) inability of LCW statements
to represent exceptions, i.e., the inability to state that the agent knows the value of
all instantiations of formula $\Phi$ except some. These are the key differences between the LCW
and PSIPLAN representations; PSIPLAN reasoning is complete, and PSIPLAN can also
express what exactly is not known via the $\psi$-form exceptions mechanism. Adding a similar
mechanism to the LCW framework would require the development of new entailment procedures,
methods for state update and operations underlying the planning techniques akin
to those developed in this paper.

As a result of the lack of exceptions in LCW sentences, when one or more instances
of $\Phi$ is unknown, $LCW(\Phi)$ cannot be stated. This limitation on the expressive power will
sometimes cause known information to be discarded from the LCW knowledge base upon
updating it after an action, even when the effects of the action are completely specified, do
not cause information loss, and create no new objects. For example, consider the result of
moving an object Cup from some other box to box B in the situation where
$LCW(\mathit{In}(x, B) \land \mathit{Fragile}(x))$ is asserted. If it is not known whether the Cup object is fragile, the LCW
statement above no longer holds and thus must be discarded, effectively discarding from
the knowledge base all instances of $\mathit{In}(x, B) \land \mathit{Fragile}(x)$ that are known to be false.

PSIPLAN subsumes a large part of the LCW language. Every knowledge state represented
by an LCW-based representation can also be represented in PSIPLAN, except for
those situations which require an LCW statement $LCW(\Phi)$, where $\Phi$ contains atoms that
unify when all variables are renamed to be distinct¹. On the other hand, there are states of
knowledge that PSIPLAN can represent accurately, but LCW cannot.

Both LCW and PSIPLAN representations can be used in planning with sensing PIE]. 
Since LCW's reasoning is incomplete, however, planners based on LCW are inherently 
incomplete. To help remedy this, LCW based planners use sensing actions to find out facts 
they cannot infer, but this only works when an appropriate sensing action is both available 
and not too costly. In general, there is no effective replacement for sound and complete 
reasoning. 

The LCW ^H] representation is extended in |2H1 E3 to handling exceptions. However, 
both of these works only consider the setting in which there are no actions that can change 
the world, do not address a changing world or planning, and do not present any methods 
that would make these extensions amenable to their use in reasoning about actions. 

1.2. A brief look at PSIPLAN. 

Example 1.1. A robot operating in a warehouse is told that there are no fragile goods in
any of the boxes except possibly for the box marked FragileStuff, i.e.

$$\forall g, c \,.\; \neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g) \lor c = \mathit{FragileStuff} \tag{1.1}$$

Here $\mathit{Box}(c)$ states that $c$ is a box, $\mathit{In}(g, c)$ states that item $g$ is in container $c$, and
$\mathit{Fragile}(g)$ states that $g$ is fragile. Note that (1.1) does not state whether or not FragileStuff
actually contains any fragile items.

In PSIPLAN, statement (1.1) is represented by the following $\psi$-form that represents
a conjunction of all ground clauses² that can be obtained by instantiating the formula
$\neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g)$ in all possible ways except for instantiations in which
$c = \mathit{FragileStuff}$. This is written as the $\psi$-form

$$\psi = [\neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g) \ \text{except}\ \{\{c = \mathit{FragileStuff}\}\}] \tag{1.2}$$

whose interpretation is exactly the same as (1.1). Here and below, lowercase letters in
$\psi$-forms denote implicitly universally quantified variables, while symbols that start with a
capital letter denote constants.

¹ These limitations are related to the definition of fixed length $\psi$-forms presented in Section |5] and are
critical to the tractability of $\psi$-form reasoning.

² A clause is a disjunction of literals. A clause is ground if it contains no variables.

Suppose it is also known that a bottle of wine is the only fragile item. Consequently,
it is in the FragileStuff box, i.e.

$$\mathit{Box}(\mathit{FragileStuff}),\ \mathit{In}(\mathit{Wine}, \mathit{FragileStuff}),\ \mathit{Fragile}(\mathit{Wine}) \tag{1.3}$$

With PSIPLAN, the original situation comprised by (1.1) and (1.3) is represented as
the following state of knowledge

$$s = \left\{ \begin{array}{l} \psi = [\neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g) \ \text{except}\ \{\{c = \mathit{FragileStuff}\}\}], \\ \mathit{Box}(\mathit{FragileStuff}),\ \mathit{In}(\mathit{Wine}, \mathit{FragileStuff}),\ \mathit{Fragile}(\mathit{Wine}) \end{array} \right\} \tag{1.4}$$

Now suppose that a new container Box10 is brought into the room whose contents are
completely unknown. In the resulting situation, the location of all fragile goods is known
except for those that might be in Box10. The PSIPLAN state update would yield the
following new state of knowledge $s'$ by adding the atom $\mathit{Box}(\mathit{Box10})$ to $s$ and adding an
exception to $\psi$ yielding

$$\psi' = [\neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g) \ \text{except}\ \{\{c = \mathit{FragileStuff}\}, \{c = \mathit{Box10}\}\}].$$

The updated state of knowledge $s'$ represents the new situation precisely:

$$s' = \left\{ \begin{array}{l} \psi' = [\neg \mathit{Box}(c) \lor \neg \mathit{In}(g, c) \lor \neg \mathit{Fragile}(g) \ \text{except}\ \{\{c = \mathit{FragileStuff}\}, \{c = \mathit{Box10}\}\}], \\ \mathit{Box}(\mathit{FragileStuff}),\ \mathit{Box}(\mathit{Box10}),\ \mathit{In}(\mathit{Wine}, \mathit{FragileStuff}),\ \mathit{Fragile}(\mathit{Wine}) \end{array} \right\} \tag{1.5}$$

PSIPLAN's action language includes actions with $\psi$-form preconditions. For example,
the action lift of lifting object B, requires that there be no fragile items in it, i.e.

$$[\neg \mathit{In}(g, B) \lor \neg \mathit{Fragile}(g)] \tag{1.6}$$

When an agent whose state of knowledge is described with $s' \cup \mathit{Box}(\mathit{Box5})$ is given
a goal of lifting box Box5 from its location, it will establish that the precondition
$[\neg \mathit{In}(g, \mathit{Box5}) \lor \neg \mathit{Fragile}(g)]$ of the lift action is entailed by $\psi'$ and proposition $\mathit{Box}(\mathit{Box5})$.
Indeed, if no boxes contain fragile goods, except for the box FragileStuff and possibly Box10,
then there are no fragile goods in Box5. The PSIPLAN reasoning algorithms that are involved
in this inference do not expand the universal quantification in the universal base and
do not require the knowledge of all domain objects by the agent.

Another illustration of the advantage of PSIPLAN's ability to reason with quantified 
sentences is an example from the blocks world domain. PSIPLAN eliminates the need for 
predicate $\mathit{Clear}(B)$ as a way of stating that nothing is on block B. Instead, PSIPLAN's
representation uses $[\neg \mathit{On}(b, B)]$. The advantage of using the latter representation is that
the fact that block A is on block B by itself implies that block B is not clear, eliminating
the need to state $\neg \mathit{Clear}(B)$ as another effect of moving block A onto B.

This use of quantified preconditions distinguishes PSIPLAN from other representations
(HU, 0j EH, [131, P, E3, E2), that only admit actions with preconditions
limited to atoms or literals. On the other hand, many of these conformant planners handle
actions with conditional effects, which are absent from PSIPLAN. While PSIPLAN can
be easily extended to represent actions with conditional effects, complete planning with
conditional effects is in the complexity class $\Sigma_2$-P (e.g. [El EE])) while complete planning
with PSIPLAN appears to be an NP-complete problem. This issue is further discussed in
Section 15.21

PSIPLAN admits procedures for entailment and state update after an action (including 
actions that introduce a new object) that are sound, complete and take polynomial time. 
In particular, the complexity of entailment grows linearly with respect to the number of 
$\psi$-forms in the knowledge base when the number of literals, variables and exceptions in
each $\psi$-form are bounded. The complexity bound on $\psi$-form reasoning is polynomial in the
number of exceptions. 

The rest of the paper is organized as follows: Section 2 formally defines $\psi$-forms and
presents a few simple properties. In Section 3 we present the $\psi$-form calculus and complexity
results. Section 4 introduces the PSIPLAN representation of a state of knowledge,
actions and state update after an action. Section 5 contains an overview of the related
work. Finally, Section summarizes and draws conclusions.

2. The language of $\psi$-forms

2.1. Definitions and notation. We assume no function symbols except for constants in
the language. The number of constants is infinite.
The general form of a $\psi$-form is:

$$\psi = [\neg Q_1(\vec{x}_1) \lor \ldots \lor \neg Q_k(\vec{x}_k) \ \text{except}\ \{\sigma_1, \ldots, \sigma_n\}] \tag{2.1}$$

$k \geq 1$ and $n \geq 0$, and each $Q_i(\vec{x}_i)$ is any atom whose only variables are $\vec{x}_i$. The clause
$\neg Q_1(\vec{x}_1) \lor \ldots \lor \neg Q_k(\vec{x}_k)$ is called the main clause of $\psi$ and is denoted by $\mathcal{M}(\psi)$. The set
of all variables of the main clause, i.e. the set $\vec{x} = \bigcup_{i=1}^{k} \vec{x}_i$, is denoted by $\mathcal{V}(\psi)$.

Each $\sigma_i$ is a substitution on a non-empty subset of variables in $\mathcal{V}(\psi)$, that binds a
variable to another variable from $\mathcal{V}(\psi)$, or to a constant. The set of all substitutions
appearing in a $\psi$-form is denoted $\Sigma(\psi)$. Each $\sigma_i$ represents exceptions of $\psi$. Thus, a $\psi$-form
can be abbreviated as $[\mathcal{M}(\psi) \ \text{except}\ \Sigma(\psi)]$.

When $\Sigma(\psi)$ is empty, we call such a $\psi$-form simple and write $[\mathcal{M}(\psi)]$ instead of
$[\mathcal{M}(\psi) \ \text{except}\ \{\}]$. A simple $\psi$-form with no variables is called a singleton and represents
a single ground clause.

Given a $\psi$-form $\psi = [\mathcal{M}(\psi) \ \text{except}\ \Sigma(\psi)]$ we will need to refer to the following:

• a simple $\psi$-form $[\mathcal{M}(\psi)]$ that is obtained from the main clause of $\psi$, called main
part.

• simple $\psi$-forms that are obtained by instantiating the main clause with substitutions
from $\Sigma(\psi)$, called exception forms. For each $\sigma_i$ from $\Sigma(\psi)$, we call $\mathcal{M}(\psi)\sigma_i$ the
i-th exception clause denoted $\mathcal{E}_i(\psi)$. is the set of all of $\psi$'s exception forms:
$\{[\mathcal{E}_i(\psi)] \mid 1 \leq i \leq \|\Sigma(\psi)\|\}$.

We use C and V to denote respectively the maximum number of literals and number of
variables in the main clause for a given set of $\psi$-forms. We use E to denote the maximum
size of the set $\Sigma(\psi)$. The cardinality of each predicate is assumed to be constant bounded,
thus the time for unification of two literals is also constant bounded.

Unless noted otherwise, everywhere in this paper symbols $x, y, z, x_1, y_1, z_1, \ldots$ denote
variables, capital letters $A, B, \ldots$ denote constants, and $\psi, \psi_1, \ldots$ denote $\psi$-forms. Also,
we assume that the variables in two distinct $\psi$-forms are always renamed to be distinct.



EFFICIENT OPEN WORLD REASONING FOR PLANNING

Example: $\psi = [\neg P(x, y, z) \lor \neg Q(y, A) \ \text{except}\ \{\{x = A\}, \{x = C, y = D\}\}]$

Name                Notation                  Example
main clause         $\mathcal{M}(\psi)$       $\neg P(x, y, z) \lor \neg Q(y, A)$
main part           $[\mathcal{M}(\psi)]$     $[\neg P(x, y, z) \lor \neg Q(y, A)]$
variables           $\mathcal{V}(\psi)$       $\{x, y, z\}$
exceptions          $\Sigma(\psi)$            $\{\{x = A\}, \{x = C, y = D\}\}$
exception clauses   $\mathcal{E}_1(\psi)$     $\neg P(A, y, z) \lor \neg Q(y, A)$
                    $\mathcal{E}_2(\psi)$     $\neg P(C, D, z) \lor \neg Q(D, A)$
exception forms                               $\{[\neg P(A, y, z) \lor \neg Q(y, A)], [\neg P(C, D, z) \lor \neg Q(D, A)]\}$

Figure 1: Summary of $\psi$-form notation.

Figure 2: The set of clauses defined by a $\psi$. $\phi(\psi)$ is depicted as the gray area and consists
of all clauses of the main part $[\mathcal{M}(\psi)]$ that are not exceptions, i.e. are not in any
of $[\mathcal{E}_1(\psi)], \ldots, [\mathcal{E}_n(\psi)]$. The main part $[\mathcal{M}(\psi)]$ contains the superset of all clauses
of $\psi$.



2.2. $\psi$-forms as Sets. A $\psi$-form is a representation of a possibly infinite set of ground
clauses. Here and throughout the paper, clauses that consist of the same set of literals are
considered equal. The logical equivalence of such clauses allows us to disregard the order
of their literals.

We define the set of ground clauses represented by a $\psi$-form $\psi$, called a $\psi$-set and
denoted $\phi(\psi)$, as follows:

(1) When $\psi$ is simple, the set defined by $\psi$ consists of all ground instantiations of the
main clause

$$\phi(\psi) = \{\mathcal{M}(\psi)\sigma \mid \mathcal{M}(\psi)\sigma \text{ is ground}\} \tag{2.2}$$

This definition implies $\phi([c]) = \{c\}$, when $c$ is a ground clause.

(2) When $\psi$ is not simple, the set defined by $\psi$ consists of all ground instantiations of
the main clause minus the set of all ground instantiations of exception clauses.

$$\phi(\psi) = \phi([\mathcal{M}(\psi)]) - \big(\phi([\mathcal{E}_1(\psi)]) \cup \ldots \cup \phi([\mathcal{E}_n(\psi)])\big), \tag{2.3}$$

where $n = \|\Sigma(\psi)\|$. Any clause in the set $\phi([\mathcal{E}_1(\psi)]) \cup \ldots \cup \phi([\mathcal{E}_n(\psi)])$ is called an
exception of $\psi$.

Figure 2 illustrates the definition of a $\psi$-set.
To combine and compare $\psi$-sets represented by different $\psi$-forms, we introduce set
operations and define the resulting $\psi$-set as follows.

(1) For a set of $\psi$-forms $\{\psi_1, \ldots, \psi_k\}$ their $\psi$-set is the union of the $\psi$-sets of its elements.

$$\phi(\{\psi_1, \ldots, \psi_k\}) = \bigcup_{i=1}^{k} \phi(\psi_i), \tag{2.4}$$

(2) An expression $\Omega_1 * \Omega_2$, where $\Omega_1$ and $\Omega_2$ denote either a single $\psi$-form or a set of
$\psi$-forms, and $*$ denotes any of the set operations $\cap$, $\cup$, $-$, > or — (last two operations are
defined in the next section) represents a set of ground clauses obtained by applying
the $*$ operation to the corresponding $\psi$-sets.

$$\phi(\Omega_1 * \Omega_2) = \phi(\Omega_1) * \phi(\Omega_2). \tag{2.5}$$

(3) Let $A$ and $B$ be $\psi$-forms or $\psi$-form expressions. We write $A = B$ and call $A$ and $B$
equivalent if and only if $\phi(A) = \phi(B)$, in other words, the sets of ground clauses
represented by each $\psi$-form or expression are the same.

For example, the statement $\psi_1 = \psi_2 \cap \psi_3$ represents the equivalence of two $\psi$-sets: $\phi(\psi_1)$
and $\phi(\psi_2 \cap \psi_3)$. The latter, in turn, according to definition (2.5) denotes the intersection

2.2.1. $\psi$-set Membership. We say that a ground clause $c$ is in $\Omega$, written $c \in \Omega$ instead of
$c \in \phi(\Omega)$.

Thus, according to (2.3), given a $\psi$-form $\psi$, a ground clause $c$ is in $\psi$ if and only if it
can be obtained by instantiating the main clause, $\mathcal{M}(\psi)$, with some ground substitution $\sigma$,
and cannot be obtained by instantiating any of $\psi$'s exception clauses $\mathcal{E}_1(\psi), \ldots, \mathcal{E}_n(\psi)$.

$$c \in \psi \ \text{ iff } \ \exists \sigma \,.\; c = \mathcal{M}(\psi)\sigma \ \text{ and } \ \forall \theta, i \,.\; 1 \leq i \leq n \Rightarrow c \neq \mathcal{E}_i(\psi)\theta \tag{2.6}$$

We also define membership of a clause in a set of $\psi$-forms $\Psi$ in the obvious way:

$$c \in \Psi \ \text{ iff } \ \exists \psi \in \Psi \,.\; c \in \psi \tag{2.7}$$

Deciding the membership of a ground clause in a simple $\psi$-form amounts to finding a
substitution $\sigma$ that matches the literals in the main clause of the $\psi$-form with the literals
of the clause. In a $\psi$-form with exceptions, after establishing membership in the main part,
$[\mathcal{M}(\psi)]$, it is necessary to verify non-membership in the $\psi$-form's exception forms, all of
which in turn are simple $\psi$-forms.

We define an operation set-match that computes such matching substitutions used to
generate a clause from the main clause of a $\psi$-form. Given two clauses $a$ and $b$, where
variables in $a$ and $b$ are distinct and denoted $V_a$ and $V_b$ respectively, we say that $a$
set-matches with $b$ if and only if there exists a substitution $\sigma$ on variables in $V_a$ such that
$a\sigma = b$. The set of all most general such matching $\sigma$'s is denoted $MGU_s(a, b, V_a)$.³

Example 2.1 below demonstrates that there can be more than one way a $\psi$-form clause
can set-match with a ground clause.

Example 2.1. Let $\psi = [\neg P(x) \lor \neg P(y) \ \text{except}\ \{\{x = A\}\}]$ and let $c = \neg P(A) \lor \neg P(B)$.
There are two substitutions $\sigma_1 = \{x = A, y = B\}$ and $\sigma_2 = \{x = B, y = A\}$ such that
$\mathcal{M}(\psi)\sigma_1 = \mathcal{M}(\psi)\sigma_2 = c$. However, $c$ can also be generated by instantiating the exception
clause $\mathcal{E}_1(\psi) = \neg P(A) \lor \neg P(y)$ with substitution $\{y = B\}$, therefore $c \notin \psi$.

³ Two substitutions $\sigma_1$ and $\sigma_2$ are equal if and only if the two can be made identical by consistently
renaming variables in both. Thus $MGU_s(a, b, V_a)$ does not include two equivalent substitutions.

The possibility of multiple different instantiations producing the same ground clause
complicates the reasoning with $\psi$-forms of this type, as even deciding membership of a
ground clause in a $\psi$-form becomes somewhat more problematic compared to the case of
$\psi$-forms for which each ground clause is generated with a unique substitution. Essentially,
when each ground clause is obtained with a unique instantiation of the main form, checking
$c \in \psi$ amounts to computing a set-match $MGU_s(\mathcal{M}(\psi), c, \mathcal{V}(\psi))$ and, in case the
set-match results in a substitution $\sigma$, checking that $\sigma$ is not a superset of any substitution
in $\psi$'s exceptions. When, as in the Example 2.1, $MGU_s(\mathcal{M}(\psi), c, \mathcal{V}(\psi))$ consists of
more than a single substitution, we must consider all such substitutions in relation to the
exceptions. To avoid the increase in the complexity of reasoning we introduce a notion of
a fixed length $\psi$-form.

A $\psi$-form is called fixed length if and only if no two literals of the main clause unify
when the variables in both literals are renamed to be distinct. Thus, $[\neg P(x, A) \lor \neg P(B, x)]$
is not a fixed length $\psi$-form, because $\neg P(x_1, A)$ and $\neg P(B, x_2)$ are unifiable. On the other
hand, $[\neg P(x, A) \lor \neg P(x, B)]$ and $[\neg P(x, A) \lor \neg Q(y)]$ are examples of fixed length $\psi$-forms.

Observation 2.2. When $\psi$ is a fixed length $\psi$-form, there is a unique $\sigma$ for each clause
$c \in \psi$ such that $\mathcal{M}(\psi)\sigma = c$.

Proof. The proof is by contradiction. Assuming there is a ground clause that is generated
by more than one substitution on $\mathcal{M}(\psi)$, it is possible to construct a unifier for two literals
of the main clause. □
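
The membership test (2.6) and the fixed length check, as an added Python example that is not code from the paper or from its Common Lisp implementation. It runs Example 2.1 and the warehouse ψ-form ψ' of Section 1.2; the data layout and the names set_match, member and is_fixed_length are assumptions of this example, and Vase is a constructed item.

```python
from itertools import combinations

# Every literal in a psi-form is negated, so a literal is stored as (predicate, args).
# Page convention: lowercase symbols are variables, capitalised symbols are constants.
def is_var(term):
    return term[0].islower()

def apply(clause, subst):
    """Instantiate a clause with a substitution {variable: term}."""
    return [(p, tuple(subst.get(a, a) for a in args)) for p, args in clause]

def match_literal(lit, ground, subst):
    """Extend subst so that lit instantiated by it equals ground; None if impossible."""
    (p, args), (q, gargs) = lit, ground
    if p != q or len(args) != len(gargs):
        return None
    s = dict(subst)
    for a, g in zip(args, gargs):
        if is_var(a):
            if s.setdefault(a, g) != g:
                return None
        elif a != g:
            return None
    return s

def set_match(clause, ground):
    """All substitutions sigma with clause*sigma == ground, comparing clauses as literal sets."""
    ground = list(dict.fromkeys(ground))
    found = []
    def extend(i, subst, covered):
        if i == len(clause):
            # every ground literal must be produced by some literal of the clause
            if len(covered) == len(ground) and subst not in found:
                found.append(subst)
            return
        for j, g in enumerate(ground):
            s = match_literal(clause[i], g, subst)
            if s is not None:
                extend(i + 1, s, covered | {j})
    extend(0, {}, frozenset())
    return found

def member(ground, psi):
    """Equation (2.6): an instance of the main clause that is an instance of no exception clause."""
    main, exceptions = psi
    if not set_match(main, ground):
        return False
    return not any(set_match(apply(main, sigma), ground) for sigma in exceptions)

def unifiable(l1, l2):
    """Do two function-free literals unify once their variables are renamed apart?"""
    (p, a1), (q, a2) = l1, l2
    if p != q or len(a1) != len(a2):
        return False
    a1 = [t + "#1" if is_var(t) else t for t in a1]
    a2 = [t + "#2" if is_var(t) else t for t in a2]
    bind = {}
    def walk(t):
        while t in bind:
            t = bind[t]
        return t
    for s, t in zip(a1, a2):
        s, t = walk(s), walk(t)
        if s == t:
            continue
        if is_var(s):
            bind[s] = t
        elif is_var(t):
            bind[t] = s
        else:
            return False  # two distinct constants
    return True

def is_fixed_length(main):
    return not any(unifiable(a, b) for a, b in combinations(main, 2))

# Example 2.1: psi = [~P(x) v ~P(y) except {{x = A}}], c = ~P(A) v ~P(B)
EX21 = ([("P", ("x",)), ("P", ("y",))], [{"x": "A"}])
C21 = [("P", ("A",)), ("P", ("B",))]

# psi' of Section 1.2: no fragile goods in any box except FragileStuff and Box10
PSI_PRIME = ([("Box", ("c",)), ("In", ("g", "c")), ("Fragile", ("g",))],
             [{"c": "FragileStuff"}, {"c": "Box10"}])

def ground_instance(item, box):
    """Ground clause ~Box(box) v ~In(item, box) v ~Fragile(item)."""
    return apply(PSI_PRIME[0], {"g": item, "c": box})

if __name__ == "__main__":
    print("set-matches for Example 2.1:", set_match(EX21[0], C21))
    print("c in psi (Example 2.1):", member(C21, EX21))
    print("Box5 clause in psi':", member(ground_instance("Vase", "Box5"), PSI_PRIME))
    print("Box10 clause in psi':", member(ground_instance("Vase", "Box10"), PSI_PRIME))
```

For the fixed length ψ' each ground clause has exactly one set-match, as Observation 2.2 states, while the ψ-form of Example 2.1 has two and fails the fixed length check.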

Other important properties of fixed length $\psi$-forms ensuring reduced complexity of
reasoning are discussed in the end of Section 13.61

Thus everywhere except for general $\psi$-form entailment theorems in Section f3. 31 we limit
our attention to fixed length $\psi$-forms.

A $\psi$-form is called well-formed if and only if it has no redundant exception forms, i.e.
there is no subsumption between any two exception clauses. Any $\psi$-form can be reduced to
a well-formed equivalent; henceforth, we only consider well-formed $\psi$-forms. The reduction
procedure is simple and consists of examining pairs of different substitutions $\sigma_i$, $\sigma_j$ of
$\Sigma(\psi)$. If $\sigma_i \subseteq \sigma_j$, then (and only then) $[\mathcal{E}_j(\psi)] \subseteq [\mathcal{E}_i(\psi)]$, and so we remove $\sigma_j$ from
$\Sigma(\psi)$ and vice versa. In the worst case we will need to examine $E(E - 1)/2$ pairs.

2.3. $\psi$-form Logic. An interpretation or world is a triple $(D, M, A)$, where $D$ is a
domain, $M$ is a mapping between the constants of the language and the domain objects,
and $A$ is a truth assignment on all ground atoms of the language. We limit worlds to those
with infinite domains. We further assume each constant denotes a distinct domain object.
A model of a proposition is a world that assigns true to that formula.

When $s$ is a proposition or a set of propositions and $w$ is a world, we write $w(s)$ if and
only if $w(s)$ is true in $w$. For a set of propositions to be true in $w$, each element must be
true in $w$. We write $I(s)$ to denote the set of all models of $s$, i.e. $I(s) = \{w \mid w(s)\}$.

We use the standard rules regarding the interpretation of atoms, negation and logical
connectives. A $\psi$-form or a set of $\psi$-forms, denoted below by $\Omega$, is interpreted as (a possibly
infinite) conjunction of all ground clauses it represents, and therefore




(2.8) 



ce<j>(n) 
Now that we have defined an interpretation for $\psi$-forms we can define entailment in
a logical language containing $\psi$-forms in the usual way. A formula $a$ entails a formula $b$,
denoted $a \models b$, if and only if every model of $a$ is also a model of $b$, i.e. $I(a) \subseteq I(b)$.

We first examine the entailment between two ground clauses of negated literals. We
write $c_1 \subseteq c_2$ when the set of literals of the clause $c_1$ is a subset of the set of literals of the
clause $c_2$. It is easy to see that, given two non-empty ground clauses of negated literals
$c_1$ and $c_2$, $c_1 \models c_2$ if and only if $c_1 \subseteq c_2$. Further, observe that when $\Omega_1$ and $\Omega_2$ are two
$\psi$-forms or sets of $\psi$-forms, $\Omega_1 = \Omega_2$ if and only if $\Omega_1 \models \Omega_2$ and $\Omega_2 \models \Omega_1$.

Note as well, that $\psi = [Q(\vec{x}) \ \text{except}\ \{\sigma_1, \ldots, \sigma_n\}]$ can be equivalently written as a first
order formula that universally quantifies the variables of $\psi$:

$$\forall \vec{x} \,.\; Q(\vec{x}) \lor c_1 \lor \ldots \lor c_n,$$

where each $c_i$ is an equality constraint obtained from $\sigma_i$, for instance if $\sigma_i = \{x = A, y = B\}$
then $c_i = (x = A \land y = B)$. We therefore call non-singleton $\psi$-forms quantified.

3. Calculus of $\psi$-forms

In this section we present the calculus of $\psi$-forms. We first demonstrate how subset,
intersection and set-difference between $\psi$-forms are computed in simple cases. These operations
lay the foundation for algorithms that compute entailment, as well as the computation
of image and e-difference operations, which we define here. These operations are essential
parts of reasoning and planning with $\psi$-forms. For example, they are used in PSIPOP ([3])
and PSIGraph planners to determine if an effect of an action can bring about or
undo a goal. E-difference is also used in the PSIPLAN's state update computation (4.6),
presented later in this paper. Sound and complete methods of computing entailment, image
and e-difference of fixed length $\psi$-forms are presented in the form of theorems that are easily
convertible to algorithms. We summarize the complexity of computing entailment, image
and e-difference between $\psi$-forms in PSIPLAN.

3.1. Operations $\subseteq$, $\cap$ and $-$. The operations subset, intersection and set-difference
between $\psi$-forms are defined in the obvious way: for any ground clause $c$

$$c \in \Omega_1 * \Omega_2 \ \text{ if and only if } \ c \in \phi(\Omega_1) * \phi(\Omega_2)$$

where $\Omega$ represents either a single $\psi$-form or a set of $\psi$-forms, and $*$ represents any of the
operations $\subseteq$, $\cap$ or $-$. Calculation of $\subseteq$, $\cap$ and $-$ is straightforward for simple fixed length
$\psi$-forms.

$[\mathcal{M}(\psi_1)] \subseteq [\mathcal{M}(\psi_2)]$ if and only if all of $[\mathcal{M}(\psi_1)]$'s clauses are also clauses of $[\mathcal{M}(\psi_2)]$.
This requires that the main clause $\mathcal{M}(\psi_2)$ set-matches onto $\mathcal{M}(\psi_1)$ with some substitution
$\sigma$. When this is true, for every ground substitution $\sigma_1$ on the variables of $\psi_1$, there
is a ground substitution $\sigma_2 = \sigma\sigma_1$ on $\mathcal{M}(\psi_2)$ such that $\mathcal{M}(\psi_1)\sigma_1 = \mathcal{M}(\psi_2)\sigma_2$. Thus,
for any $\psi_1$ and $\psi_2$, checking whether or not $[\mathcal{M}(\psi_1)] \subseteq [\mathcal{M}(\psi_2)]$ amounts to computing

$$MGU_s(\mathcal{M}(\psi_2), \mathcal{M}(\psi_1), \mathcal{V}(\psi_2)).$$

$[\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)]$ is defined by all ground substitutions $\sigma_g$ such that $\mathcal{M}(\psi_1)\sigma_g =
\mathcal{M}(\psi_2)\sigma_g$. The set of most general $\sigma$'s for which $\mathcal{M}(\psi_1)\sigma = \mathcal{M}(\psi_2)\sigma$ defines a set of main
clauses that generate the $\psi$-forms denoting the intersection $[\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)]$.

Trans($\sigma$, $\psi$)

- Returns part of $\sigma$ that binds variables of $\psi$ in exception-conformant format

1. In $\sigma$, replace all groups of bindings of the form $v_1 = v, \ldots, v_n = v$, where $n > 1$, $v_1, \ldots, v_n \in \mathcal{V}(\psi)$, and $v \notin \mathcal{V}(\psi)$ with a set of bindings: $v_1 = v_n, \ldots, v_{n-1} = v_n$.

2. Further, remove from $\sigma$ all bindings involving variables that are not in $\mathcal{V}(\psi)$.

3. Return $\sigma$



Figure 3: Procedure Trans($\sigma$, $\psi$) transforms a substitution $\sigma$ into format suitable for the exceptions of $\psi$.



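We say clause $a$ set-unifies with clause $b$ if and only if there exists a substitution $\sigma$ such that $a\sigma = b\sigma$, denoting the set of all most general such $\sigma$'s by $MGU_{=}(a,b)$. Thus,

$$[\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)] = \{[\mathcal{M}(\psi_1)\sigma] \mid \sigma \in MGU_{=}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))\}.$$

The intersection of the main parts of two $\psi$-forms $\psi_1$ and $\psi_2$ consists of the clauses denoted equivalently by each of the two sets of $\psi$-forms

$$\{[\mathcal{M}(\psi_1)\sigma] \mid \sigma \in MGU_{=}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))\}, \text{ and}$$
$$\{[\mathcal{M}(\psi_2)\sigma] \mid \sigma \in MGU_{=}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))\}.$$

For example, when $\psi_1 = [\neg P(x,A)]$ and $\psi_2 = [\neg P(B,y)]$, $MGU_{=}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) = \{\{x = B, y = A\}\}$ and $\psi_1 \cap \psi_2$ equals $\{\neg P(B,A)\}$.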

When $\psi_1$ is simple and is a subset of $[\mathcal{M}(\psi_2)]$ and both $\psi$-forms are fixed length, subtracting $\psi_1$ from $\psi_2$ is a matter of adding a substitution $\sigma = MGU_{=}(\mathcal{M}(\psi_2), \mathcal{M}(\psi_1), \mathcal{V}(\psi_2))$, which generates $\psi_1$ from $\mathcal{M}(\psi_2)$, to $\Sigma(\psi_2)$. Indeed, $[\mathcal{M}(\psi_2)\sigma]$ equals $\psi_1$, thus, by adding $\sigma$ to $\Sigma(\psi_2)$ we are subtracting from $\psi_2$ the clauses of $\psi_1$. As a matching substitution, $\sigma$ may contain bindings on variables of $\psi_2$ either to variables of $\psi_1$ or to constants. Procedure Trans($\sigma$, $\psi_2$), presented in Figure 3, generates an equivalent substitution, which uses only variables from $\mathcal{V}(\psi_2)$, as only those variables can appear in the set of $\psi_2$'s exceptions.

Figure 4 contains examples of $\psi$-form calculations described to this point.

When $\psi_1$ is simple, and both $\psi_1$ and $\psi_2$ are fixed length, but $\psi_1$ is not necessarily a subset of $[\mathcal{M}(\psi_2)]$, the computation of $\psi_2 - \psi_1$ is reduced to the previous case by observing that $\psi_2 - \psi_1 = \psi_2 - ([\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)])$, since $[\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)]$ is a subset of $[\mathcal{M}(\psi_2)]$. When $[\mathcal{M}(\psi_1)] \cap [\mathcal{M}(\psi_2)]$ is empty, then $\psi_2 - \psi_1$ is just $\psi_2$.

Operations of $\cap$, $-$ and $\subseteq$ for two simple fixed length $\psi$-forms and membership of a clause in any $\psi$-form each take constant bounded time when the number of clauses, variables and exceptions in a $\psi$-form are constant bounded.

3.2. E-Difference and Image. To capture the relations between parts of $\psi$-forms necessary to formulate the $\psi$-form entailment theorem, we introduce two new operations: the image, denoted $\psi_1 \triangleright \psi_2$, is the subset of $\psi_2$ that is entailed by $\psi_1$, and the e-difference, denoted $\psi_2 \dot{-} \psi_1$, is the subset of $\psi_2$ that is not entailed by $\psi_1$. Thus, $(\psi_2 \dot{-} \psi_1)$ and $(\psi_1 \triangleright \psi_2)$ always partition $\psi_2$.

Formally, for any two sets of ground propositions $A$ and $B$, e-difference and image are defined respectively as follows.

$$B \dot{-} A = \{b \mid b \in B \wedge A \not\models b\},$$
$$A \triangleright B = \{b \mid b \in B \wedge A \models b\}.$$

Calculation $a$, $b$ / Operator, followed by the Result:

$a = \neg P(x,y)$, $b = \neg P(v,A)$
$MGU_{=}(a,b,\mathcal{V}_a) = \{\{x = v, y = A\}\}$
$[b] \subseteq [a]$ ? yes

$a = \neg P(B,y)$, $b = \neg P(A,x)$
$MGU_{=}(a,b,\mathcal{V}_a) = \emptyset$
$[b] \subseteq [a]$ ? no

$a = \neg R(x,y,z,A) \vee \neg Q(t)$, $b = \neg R(w,C,v,A) \vee \neg Q(w)$
$MGU_{=}(a,b) = \{\{x = w, y = C, z = v, t = w\}\}$
Trans($MGU_{=}(a,b)$, $[a]$) $= \{\{x = t, y = C\}\}$
$[a] \cap [b] = \{[\neg R(t,C,z,A) \vee \neg Q(t)]\}$
$[a] - [b] = [\neg R(x,y,z,A) \vee \neg Q(t) \text{ except } \{\{x = t, y = C\}\}]$

Figure 4: Examples of the calculus computations involving set-match and set-unification operators on simple $\psi$-forms $[a]$ and $[b]$.

Example 3.1. Let $A = \{p, \neg q\}$ and $B = \{p, r, \neg q \vee \neg v\}$. Then, $A \triangleright B = \{p, \neg q \vee \neg v\}$ and $B \dot{-} A = \{r\}$.

The following equivalences trivially follow from the definitions.

$$B \dot{-} A = B - (A \triangleright B) \qquad (3.1)$$

$$A \triangleright B = B - (B \dot{-} A) \qquad (3.2)$$

As we show later in this section, the operations $\triangleright$ and $\dot{-}$ applied to fixed length $\psi$-forms produce sets of clauses that can always be represented by a finite set of fixed length $\psi$-forms.

3.3. Entailment. The next Theorem establishes the fact that a set of $\psi$-forms $\Psi$ entails another $\psi$-form $\psi$ if and only if for each clause of $\psi$ there exists a clause in $\Psi$ entailing it. The intuition behind this observation is: any two negated ground clauses $c_1$ and $c_2$ conjoined entail the same set of negated ground clauses as the union of clauses entailed by each of $c_1$ and $c_2$ separately.

Theorem 3.2. Given a set of $\psi$-forms $\Psi = \{\psi_1, \ldots, \psi_n\}$ and a $\psi$-form $\psi$, $\Psi \models \psi$ if and only if for every ground clause $c \in \psi$ there exists a ground clause $d \in \Psi$ such that $d \models c$.

Proof. ($\Rightarrow$) A proof by contradiction is straightforward and thus omitted.

($\Leftarrow$) Trivially follows from the definition of entailment. □

Figure 5: For a set of $\psi$-forms $\{\psi_1, \psi_2, \psi_3\}$ to entail another $\psi$-form $\psi$ there must be a $\psi$-form in the set ($\psi_2$ in the figure) whose main part entails the main part of $\psi$.

The property critical for the efficiency of $\psi$-form reasoning is formulated in Theorem 3.4 and depicted in Figure 5: given a set of $\psi$-forms $\Psi = \{\psi_1, \ldots, \psi_n\}$, $\Psi \models \psi$ only if there is a $\psi$-form $\psi_i \in \Psi$ that nearly entails $\psi$, i.e. $[\mathcal{M}(\psi_i)] \models [\mathcal{M}(\psi)]$.

Nearly entailment is a necessary condition for $\psi$-form entailment. As follows from Theorem 3.3, entailment between two simple $\psi$-forms is a matter of finding what we call a subset-match, or subsumption of their main clauses.

Given two clauses $a$ and $b$, where variables in $a$ and $b$ are distinct and denoted $\mathcal{V}_a$ and $\mathcal{V}_b$ respectively, we say that $a$ subsumes $b$ (or $a$ subset-matches $b$) if and only if there exists a substitution $\sigma$ on variables in $\mathcal{V}_a$ such that $a\sigma \subseteq b$. We denote by $MGU_{\subseteq}(a,b,\mathcal{V}_a)$ the set of all such $\sigma$'s.

Note that there can be more than one way a clause can subsume another clause. For example, matching $a = P(x,y)$ onto $b = P(z,D) \vee Q(D,E) \vee P(A,B)$, produces two different substitutions: $\{x = z, y = D\}$ and $\{x = A, y = B\}$, and hence $MGU_{\subseteq}(a, b, \{x, y\}) = \{\{x = z, y = D\}, \{x = A, y = B\}\}$.

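Theorem 3.3. Given two simple $\psi$-forms, $\psi_1$ and $\psi_2$, $\psi_1 \models \psi_2$ if and only if the main clause of $\psi_1$ subsumes the main clause of $\psi_2$, i.e. there exists a substitution $\sigma$ such that $\mathcal{M}(\psi_1)\sigma \subseteq \mathcal{M}(\psi_2)$ and consequently $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1)) \neq \emptyset$.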

Proof. ($\Rightarrow$) Given $\psi_1 \models \psi_2$, suppose that

$$\mathcal{M}(\psi_1) = \{\neg Q_1(\vec{x}_1), \ldots, \neg Q_n(\vec{x}_n)\} \text{ and } \mathcal{M}(\psi_2) = \{\neg P_1(\vec{y}_1), \ldots, \neg P_k(\vec{y}_k)\}.$$

Assume $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1)) = \emptyset$.

This means that for any substitution $\sigma$ on variables of $\psi_1$, there exists a literal in $\mathcal{M}(\psi_1)\sigma$, which does not match any of $\{\neg P_1(\vec{y}_1), \ldots, \neg P_k(\vec{y}_k)\}$. We can assume without any loss of generality that the mismatched literal is $\neg Q_1(\vec{x}_1)$. Note that the mismatch can occur due to one of the following reasons (we also call them mismatch types):

(1) the predicate denoted by $Q_1$ is not the same as denoted by $P_i$,

(2) the argument list of $Q_1(\vec{x}_1)$ has a constant, call it a matching value, at the position where $P_i(\vec{y}_i)$'s argument list has a variable, call it a mismatched variable.

(3) the argument list of $Q_1(\vec{x}_1)$ has a constant, call it $D_i$, at the position where $P_i(\vec{y}_i)$ has a different constant, $C_i$.

We now construct a clause from $\psi_2$ and show that it cannot contain as a subclause any clause of $\psi_1$. According to Theorem 3.2 we would then contradict the fact that $\psi_1 \models \psi_2$.

Let $P'$ be an instance of $\mathcal{M}(\psi_2)$, which is obtained by assigning to each variable in $\mathcal{V}(\psi_2)$ a constant value which does not occur anywhere in $\mathcal{M}(\psi_1)$. Since the number of constants in the language is infinite, this can always be done. Since $\mathcal{M}(\psi_1)$ does not subset match onto $\mathcal{M}(\psi_2)$, it surely does not subset match onto $P'$, because for any substitution $\sigma$ on $\mathcal{V}(\psi_1)$ the number of mismatches between any $Q$ and any literal of $P'$ is at least the same as the number of mismatches between a $Q$ and a $P$ in $\mathcal{M}(\psi_2)$, or higher, because of the new mismatches of type (3). Therefore, there is no instance of $\mathcal{M}(\psi_1)$ that is a subclause of $P'$.

($\Leftarrow$) The existence of $\sigma$ such that $\mathcal{M}(\psi_1)\sigma \subseteq \mathcal{M}(\psi_2)$ means that for every ground clause $c_2$ of $\psi_2$, assuming $c_2 = \mathcal{M}(\psi_2)\sigma'$, there is a clause $c_1$ in $\psi_1$, $c_1 = \mathcal{M}(\psi_1)\sigma\sigma'$, which is a subset of $c_2$, and therefore $\psi_1 \models \psi_2$. □

We proceed to the necessary condition for $\psi$-form entailment. Theorem 3.4 states that in order for a set of $\psi$-forms $\Psi$ to entail another $\psi$-form $\psi$, there must exist a $\psi$-form in $\Psi$ that nearly entails $\psi$, i.e. whose main part entails the main part of $\psi$.

Theorem 3.4. Given a set of $\psi$-forms $\Psi = \{\psi_1, \ldots, \psi_n\}$ and a $\psi$-form $\psi$, $\Psi \models \psi$ only if there is a $\psi$-form $\psi_i$ in $\Psi$ such that $[\mathcal{M}(\psi_i)] \models [\mathcal{M}(\psi)]$.

Proof. We construct a clause of $[\mathcal{M}(\psi)]$ and show that if none of $[\mathcal{M}(\psi_1)], \ldots, [\mathcal{M}(\psi_n)]$ entail it, then $\{\psi_1, \ldots, \psi_n\}$ does not entail $\psi$.

Suppose none of $[\mathcal{M}(\psi_1)], \ldots, [\mathcal{M}(\psi_n)]$ entail $[\mathcal{M}(\psi)]$. Therefore according to Theorem 3.3 none of the main parts of these $\psi$-forms subset match onto $\mathcal{M}(\psi)$. Let $\sigma$ be a substitution on $\mathcal{V}(\psi)$ that assigns to each variable a constant value that does not occur in any of $\psi_1, \ldots, \psi_n$, nor in the exceptions of $\psi$. This is always possible due to infinite number of constants in the language. None of the clauses in $\mathcal{M}(\psi_1), \ldots, \mathcal{M}(\psi_n)$ subset match onto $c = \mathcal{M}(\psi)\sigma$, because none of the main clauses of these $\psi$-forms subsume $\mathcal{M}(\psi)$ and the constants of $\sigma$ do not appear in any of $[\mathcal{M}(\psi_1)], \ldots, [\mathcal{M}(\psi_n)]$. Thus, the clause $c = \mathcal{M}(\psi)\sigma$ of $\psi$ is not entailed by any clause in $\{[\mathcal{M}(\psi_1)], \ldots, [\mathcal{M}(\psi_n)]\}$. Since $\Psi \subseteq \{[\mathcal{M}(\psi_1)], \ldots, [\mathcal{M}(\psi_n)]\}$, according to Theorem 3.2 we conclude that $\Psi \not\models \psi$. We arrive at a contradiction. □

The next example demonstrates that Theorem 3.4 contains a necessary but not sufficient condition for the $\psi$-form entailment, and further motivates the operations of image and e-difference.

Example 3.5. Consider two $\psi$-forms $\psi_1$ and $\psi_2$ below.

$$\psi_1 = [\neg In(x, Box1) \vee \neg Fragile(x) \text{ except } \{\{x = Wine\}\}]$$
$$\psi_2 = [\neg In(y, Box1) \vee \neg Fragile(y) \vee \neg Owner(y, Joe)]$$

Here, $In(x, y)$ states that $x$ is in $y$, $Fragile(x)$ denotes that $x$ is a fragile item, and $Owner(x, y)$ denotes that $x$'s owner is $y$. Thus, $\psi_1$ states that there are no fragile items in $Box1$ except for possibly a bottle of wine. $\psi_2$ states that there are no fragile items in $Box1$ that are owned by Joe. Notice that $\psi_2$ is simple and thus $\psi_2 = [\mathcal{M}(\psi_2)]$.

The main clause of $\psi_1$ subsumes the main clause of $\psi_2$, so $\psi_1$ nearly entails $\psi_2$. Therefore, the main part of $\psi_1$, $[\mathcal{M}(\psi_1)]$ entails $\psi_2$, but because the exception of $\psi_1$ weakens it, $\psi_1$ does not entail $\psi_2$. In fact, $\psi_1$ entails all clauses of $\psi_2$ except for the clause $\neg In(Wine, Box1) \vee \neg Fragile(Wine) \vee \neg Owner(Wine, Joe)$.

The only clause of $\psi_2$ that is not entailed by $\psi_1$ is $\neg In(Wine, Box1) \vee \neg Fragile(Wine) \vee \neg Owner(Wine, Joe)$, which is exactly the clause entailed by $\psi_1$'s single exception, i.e.

$$\psi_2 \dot{-} \psi_1 = [\mathcal{E}_1(\psi_1)] \triangleright \psi_2 = [\neg In(Wine, Box1) \vee \neg Fragile(Wine) \vee \neg Owner(Wine, Joe)].$$

$[\mathcal{E}_1(\psi_1)] = [\neg In(wine, Box1) \vee \neg Fragile(wine)]$

$\psi_2 \dot{-} \psi_1 = [\neg In(wine, Box1) \vee \neg Fragile(wine) \vee \neg Owner(wine, Joe)]$

Figure 6: Illustrates Example 3.5. The small ellipse inside $\psi_2$ represents the only clause of $\psi_2$ not entailed by $\psi_1$, i.e. $\psi_2 \dot{-} \psi_1$. The area between the outer and the inner ellipse is the image $\psi_1 \triangleright \psi_2$.



The image $\psi_1 \triangleright \psi_2$ is simply $\psi_2$ with a single exception added:

$$\psi_1 \triangleright \psi_2 = [\neg In(y, Box1) \vee \neg Fragile(y) \vee \neg Owner(y, Joe) \text{ except } \{\{y = Wine\}\}].$$

So, while $\psi_1$ nearly entails $\psi_2$, the e-difference $\psi_2 \dot{-} \psi_1$ is not empty, i.e. $\psi_1$ does not entail $\psi_2$. This is illustrated in Figure 6.

Theorem 3.6. $\psi$-form Entailment. Let $\psi_1, \ldots, \psi_n$ and $\psi$ be arbitrary $\psi$-forms, $\{\psi_1, \ldots, \psi_n\} \models \psi$ if and only if there exists a $k$, $1 \leq k \leq n$, such that:

• $[\mathcal{M}(\psi_k)] \models [\mathcal{M}(\psi)]$ (i.e., the main part of $\psi_k$ entails the main part of $\psi$), and

• $\{\psi_1, \ldots, \psi_{k-1}, \psi_{k+1}, \ldots, \psi_n\} \models \psi \dot{-} \psi_k$.

Proof. The first requirement of this Theorem follows from Theorem 3.4. While the main part of $\psi_k$ entails $\psi$, the exceptions of $\psi_k$ weaken $\psi_k$. Thus, each clause in $\psi \dot{-} \psi_k$ must be entailed by some other $\psi$-form in $\{\psi_1, \ldots, \psi_{k-1}, \psi_{k+1}, \ldots, \psi_n\}$. □

Thus, in order for a set of $\psi$-forms $\Psi$ to entail another $\psi$-form $\psi$, there must exist a $\psi$-form $\psi_k$ in $\Psi$ that entails most of $\psi$, and the rest of $\psi$, i.e. $\psi \dot{-} \psi_k$ must be entailed by $\Psi$ without $\psi_k$.

We have formulated the necessary and sufficient conditions for $\psi$-form entailment using e-difference. We next present the methods of computing image and e-difference via simple operations of subset matching and unification, first for simple fixed length $\psi$-forms and then for fixed length $\psi$-forms with exceptions. Complexity bounds for the computation of entailment, image and e-difference appear in Section 3.6.



3.4. Simple Fixed Length $\psi$-forms. In this section, we present methods of computing the operations of $\psi$-form image and e-difference for two simple fixed length $\psi$-forms.

The image $\psi_1 \triangleright \psi_2$ denotes a set of all clauses of $\psi_2$ that are entailed by $\psi_1$, i.e. all clauses of $\psi_2$ that have a subclause in $\psi_1$. Thus, when $\psi_1$ and $\psi_2$ are simple fixed length $\psi$-forms, computing $\psi_1 \triangleright \psi_2$ reduces to instantiating $\mathcal{M}(\psi_2)$ with subset-unifying substitutions, i.e. substitutions $\sigma$ for which $\mathcal{M}(\psi_1)\sigma \subseteq \mathcal{M}(\psi_2)\sigma$. Formally, we say that $a$ subset-unifies with $b$ if and only if there exists a substitution $\sigma$ such that $a\sigma \subseteq b\sigma$, denoting the set of all most general such $\sigma$'s by $MGU_{\subseteq}(a,b)$.

For example, consider $a = P(x,y)$, $b = P(z,D) \vee Q(D,E) \vee P(A,B)$, and $c = P(A,x)$. We have $MGU_{\subseteq}(a,b) = \{\{x = z, y = D\}, \{x = A, y = B\}\}$ and $MGU_{\subseteq}(c,b) = \{\{z = A, x = D\}, \{x = B\}\}$.

Calculation $a$, $b$ / Operator, followed by the Result:

$a = \neg P(x,A)$, $b = \neg P(B,y) \vee \neg P(C,z) \vee \neg Q(y)$
$MGU_{\subseteq}(a,b,\mathcal{V}_a) = \emptyset$
$[a] \models [b]$ ? no
$MGU_{\subseteq}(a,b) = \{\{x = B, y = A\}, \{x = C, z = A\}\}$
$[a] \triangleright [b] = \{[\neg P(B,A) \vee \neg P(C,z) \vee \neg Q(A)], [\neg P(B,y) \vee \neg P(C,A) \vee \neg Q(y)]\}$
$[b] \dot{-} [a] = \{[\neg P(B,y) \vee \neg P(C,z) \vee \neg Q(y) \text{ except } \{\{y = A\}, \{z = A\}\}]\}$

Figure 7: Examples of the entailment, image and e-difference computations on simple $\psi$-forms. These computations utilize subset-match and subset-unification operators.



Theorem 3.7. Let $\psi_1$ and $\psi_2$ be simple fixed length $\psi$-forms.

$$\psi_1 \triangleright \psi_2 = \{[\mathcal{M}(\psi_2)\sigma] \mid \sigma \in MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))\}$$

Proof. It is easy to verify equality of the two sets by showing inclusion both ways.

Computing the e-difference, $\psi_2 \dot{-} \psi_1$, similar to the regular difference $\psi_2 - \psi_1$, amounts to adding exceptions to $\psi_2$. These exceptions represent the set of all clauses of $[\mathcal{M}(\psi_2)]$ entailed by $[\mathcal{M}(\psi_1)]$, i.e. the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$, and are obtained by computing the $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))$.

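Theorem 3.8. Let $\psi_2$ be an arbitrary fixed length $\psi$-form and $\psi_1$ be a simple fixed length $\psi$-form.

$$\psi_2 \dot{-} \psi_1 = \begin{cases} \emptyset, & \text{if } \psi_1 \models \psi_2, \\ \{[\mathcal{M}(\psi_2) \text{ except } \Sigma(\psi_2) \cup \Sigma']\}, & \text{otherwise,} \end{cases}$$

where $\Sigma' = \{\sigma' \mid \sigma' = \text{Trans}(\sigma, \psi_2), \text{ where } \sigma \in MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))\}$. (Recall that Trans($\sigma$, $\psi_2$) defined in Figure 3 transforms substitution $\sigma$ to an equivalent one that conforms to the format of exceptions of $\psi_2$.)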

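Proof. To prove this theorem we use Theorem 3.7 and the equality $\psi_2 \dot{-} \psi_1 = \psi_2 - (\psi_1 \triangleright \psi_2)$. According to definition (2.3)

$$[\mathcal{M}(\psi_2) \text{ except } \Sigma(\psi_2) \cup \Sigma'] = [\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2) - [\mathcal{M}(\psi_2)\sigma'_1] - \ldots - [\mathcal{M}(\psi_2)\sigma'_n],$$

where $\Sigma' = \{\sigma'_1, \ldots, \sigma'_n\}$. Note that $[\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2) = \psi_2$, and that $[\mathcal{M}(\psi_2)\sigma'_1] \cup \ldots \cup [\mathcal{M}(\psi_2)\sigma'_n] = \psi_1 \triangleright [\mathcal{M}(\psi_2)]$, and thus

$$[\mathcal{M}(\psi_2) \text{ except } \Sigma(\psi_2) \cup \Sigma'] = \psi_2 - (\psi_1 \triangleright [\mathcal{M}(\psi_2)]).$$

It remains to show that

$$\psi_2 - (\psi_1 \triangleright [\mathcal{M}(\psi_2)]) = \psi_2 - (\psi_1 \triangleright \psi_2). \qquad (3.3)$$

Indeed $(\psi_1 \triangleright \psi_2) = (\psi_1 \triangleright [\mathcal{M}(\psi_2)]) - (\psi_1 \triangleright \mathcal{E}(\psi_2))$. Substituting the right hand side instead of $(\psi_1 \triangleright \psi_2)$ in (3.3), we get

$$\psi_2 - (\psi_1 \triangleright [\mathcal{M}(\psi_2)]) = \psi_2 - [(\psi_1 \triangleright [\mathcal{M}(\psi_2)]) - (\psi_1 \triangleright \mathcal{E}(\psi_2))]$$

Since $(\psi_1 \triangleright \mathcal{E}(\psi_2))$ is in $\mathcal{E}(\psi_2)$ and therefore definitely not in $\psi_2$,

$$\psi_2 - (\psi_1 \triangleright [\mathcal{M}(\psi_2)]) = \psi_2 - [(\psi_1 \triangleright [\mathcal{M}(\psi_2)]) - (\psi_1 \triangleright \mathcal{E}(\psi_2))] = \psi_2 - (\psi_1 \triangleright [\mathcal{M}(\psi_2)])$$

We have arrived at a tautology, which proves (3.3). □

Note that the result of the e-difference may not be a well-formed $\psi$-form.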



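ComputeSimpleImg($\psi_1$, $\psi_2$)

- Computes $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$

Compute $\Theta = MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))$

Set $\Psi = \emptyset$

For each $\theta_i \in \Theta$ do

    Set $\Psi = \Psi \cup \{[\mathcal{M}(\psi_2)\theta_i]\}$
Return $\Psi$



ComputeSimpleEDiff($\psi_2$, $\psi_1$)

- Computes $\psi_2 \dot{-} [\mathcal{M}(\psi_1)]$

If $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1)) \neq \emptyset$
    Return $\emptyset$.

Compute $\Theta = MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2))$
$\Sigma' = \emptyset$

For each $\theta_i \in \Theta$ do

    Set $\Sigma' = \Sigma' \cup \text{Trans}(\theta_i, \psi_2)$
Return $\{[\mathcal{M}(\psi_2) \text{ except } \Sigma(\psi_2) \cup \Sigma']\}$.



Figure 8: Image and e-difference operations for simple $\psi$-forms. ComputeSimpleImg($\psi_1$, $\psi_2$) and ComputeSimpleEDiff($\psi_2$, $\psi_1$) return $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ and $\psi_2 \dot{-} [\mathcal{M}(\psi_1)]$ respectively.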

Figure 7 presents examples of computing image and e-difference between simple $\psi$-forms, and Figure 8 presents algorithms for these computations, based on Theorems 3.7 and 3.8.
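
The following Python code is an added example, not the authors' Common Lisp implementation: it computes subset-match (Theorem 3.3), subset-unification, and the simple image and e-difference of Theorems 3.7 and 3.8, and can be run on the clauses of Figure 7. The tuple encoding of literals, the lowercase-variable convention and all function names are assumptions of this example.

```python
# Added example (not the authors' code). Encoding assumed here: a clause is a
# tuple of literals (predicate, args), every literal is implicitly negated,
# lowercase terms are variables and capitalized terms are constants.

def is_var(t):
    return t[0].islower()

def walk(t, s):
    """Follow the bindings of substitution s from term t to its final value."""
    while is_var(t) and t in s:
        t = s[t]
    return t

def unify_lit(l1, l2, s, bindable=None):
    """Extend s so that literals l1 and l2 coincide; return None on failure.
    bindable=None lets any variable be bound (unification); a set restricts
    binding to those variables (one-way matching)."""
    if l1[0] != l2[0] or len(l1[1]) != len(l2[1]):
        return None
    s = dict(s)
    for t1, t2 in zip(l1[1], l2[1]):
        t1, t2 = walk(t1, s), walk(t2, s)
        if t1 == t2:
            continue
        if is_var(t1) and (bindable is None or t1 in bindable):
            s[t1] = t2
        elif is_var(t2) and (bindable is None or t2 in bindable):
            s[t2] = t1
        else:
            return None
    return s

def subset_mgus(a, b, bindable=None):
    """Substitutions s with a*s a subset of b*s, found by assigning every
    literal of a to some literal of b. bindable=V_a gives the subset-match
    MGU(a, b, V_a); bindable=None gives subset-unification MGU(a, b).
    Results that are instances of other results are not pruned."""
    found = []

    def extend(i, s):
        if i == len(a):
            resolved = {v: walk(v, s) for v in s}
            if resolved not in found:
                found.append(resolved)
            return
        for lit in b:
            s2 = unify_lit(a[i], lit, s, bindable)
            if s2 is not None:
                extend(i + 1, s2)

    extend(0, {})
    return found

def variables(clause):
    return {t for _, args in clause for t in args if is_var(t)}

def apply(clause, s):
    return tuple((p, tuple(walk(t, s) for t in args)) for p, args in clause)

def nearly_entails(m1, m2):
    """Theorem 3.3 on main clauses: [m1] |= [m2] iff m1 subset-matches m2."""
    return bool(subset_mgus(m1, m2, variables(m1)))

def simple_image(m1, m2):
    """Theorem 3.7: the image [m1] |> [m2] as instantiated copies of m2."""
    return [apply(m2, s) for s in subset_mgus(m1, m2)]

def simple_ediff(m2, exc2, m1):
    """ComputeSimpleEDiff of Figure 8 for psi1 = [m1], psi2 = [m2 except exc2].
    Returns [] when m1 subset-matches m2, else [(m2, exceptions)].
    Trans reduces here to dropping bindings on variables outside V(psi2),
    because unify_lit never binds a variable of m2 to a variable of m1."""
    if nearly_entails(m1, m2):
        return []
    v2 = variables(m2)
    added = []
    for s in subset_mgus(m1, m2):
        e = {v: t for v, t in s.items() if v in v2}
        if e not in exc2 and e not in added:
            added.append(e)
    return [(m2, list(exc2) + added)]

# Clauses of Figure 7: a = ~P(x,A), b = ~P(B,y) v ~P(C,z) v ~Q(y)
FIG7_A = (("P", ("x", "A")),)
FIG7_B = (("P", ("B", "y")), ("P", ("C", "z")), ("Q", ("y",)))

if __name__ == "__main__":
    print(nearly_entails(FIG7_A, FIG7_B))
    print(simple_image(FIG7_A, FIG7_B))
    print(simple_ediff(FIG7_B, [], FIG7_A))
```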



3.5. Arbitrary Fixed Length $\psi$-forms. In this section, we present methods of computing the operations of $\psi$-form image and e-difference for two arbitrary fixed length $\psi$-forms.

Let $\psi_1$ and $\psi_2$ be arbitrary fixed length $\psi$-forms. To find either the image or the e-difference we first find the image of the main part of $\psi_1$ onto the main part of $\psi_2$. Since the exceptions of $\psi_1$ weaken it, we must then calculate the part of $[\mathcal{M}(\psi_2)]$ that is not entailed by $\psi_1$ due to the exceptions. We'll call this a set of "holes" (denoted by $H(\psi_1,\psi_2)$).

Formally, we define set of holes $H(\psi_1,\psi_2)$ as follows

$$H(\psi_1,\psi_2) = ([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]) - (\psi_1 \triangleright [\mathcal{M}(\psi_2)]), \qquad (3.4)$$

i.e. holes are parts of $[\mathcal{M}(\psi_2)]$ that are entailed by $[\mathcal{M}(\psi_1)]$, but not by $\psi_1$.

Image and e-difference operations are easily formulated using $H(\psi_1,\psi_2)$. The image of $\psi_1$ onto $\psi_2$ consists of clauses of the main part of $\psi_2$ entailed by the main part of $\psi_1$, i.e. $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$, minus the set of holes $H(\psi_1,\psi_2)$ and minus $\psi_2$'s own exceptions. Similarly, the e-difference $\psi_2 \dot{-} \psi_1$ consists of the part of the main part of $\psi_2$, $[\mathcal{M}(\psi_2)]$, not entailed by $[\mathcal{M}(\psi_1)]$, i.e. $[\mathcal{M}(\psi_2)] \dot{-} [\mathcal{M}(\psi_1)]$ plus the set of holes $H(\psi_1,\psi_2)$, minus the set of exceptions. These two facts are presented in the following two Lemmas.

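Lemma 3.9. $\psi_1 \triangleright \psi_2 = (([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]) - H(\psi_1,\psi_2)) - \mathcal{E}(\psi_2)$.

Proof. Let $A = [\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$. We substitute the definition of $H(\psi_1,\psi_2)$ from (3.4) on the right hand side.

$$\psi_1 \triangleright \psi_2 = A - (A - (\psi_1 \triangleright [\mathcal{M}(\psi_2)])) - \mathcal{E}(\psi_2)$$

When $X$, $Y$ and $Z$ denote arbitrary sets, we have

$$X - (Y - Z) = (X - Y) \cup (X \cap Y \cap Z), \qquad (3.5)$$

so

$$\begin{aligned}
\psi_1 \triangleright \psi_2 &= ((A - A) \cup (A \cap A \cap (\psi_1 \triangleright [\mathcal{M}(\psi_2)]))) - \mathcal{E}(\psi_2) \\
&= (A \cap (\psi_1 \triangleright [\mathcal{M}(\psi_2)])) - \mathcal{E}(\psi_2) \\
&= (\psi_1 \triangleright [\mathcal{M}(\psi_2)]) - \mathcal{E}(\psi_2) \\
&= \psi_1 \triangleright ([\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2)) \\
&= \psi_1 \triangleright \psi_2
\end{aligned}$$

□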

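Lemma 3.10. $\psi_2 \dot{-} \psi_1 = (([\mathcal{M}(\psi_2)] \dot{-} [\mathcal{M}(\psi_1)]) \cup H(\psi_1,\psi_2)) - \mathcal{E}(\psi_2)$.

Proof. From Lemma 3.9 and equivalence (3.1) we have $\psi_2 \dot{-} \psi_1 = \psi_2 - (\psi_1 \triangleright \psi_2)$, or

$$\psi_2 \dot{-} \psi_1 = \underbrace{\psi_2}_{A} - [(\underbrace{([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)])}_{B} - \underbrace{H(\psi_1,\psi_2)}_{C}) - \underbrace{\mathcal{E}(\psi_2)}_{D}]$$

Using (3.5), we rewrite the right hand side equivalently

$$\psi_2 \dot{-} \psi_1 = A - ((B - C) - D) = (A - (B - C)) \cup (A \cap (B - C) \cap D)$$

Since in our case $A \cap D = \emptyset$, therefore $(A \cap (B - C) \cap D) = \emptyset$ and we get

$$\psi_2 \dot{-} \psi_1 = (A - (B - C)) = (A - B) \cup (A \cap B \cap C)$$

We now evaluate $A \cap B \cap C$. We note that $A \cap B = ([\mathcal{M}(\psi_2)] - D) \cap B$ and since $(X - Y) \cap Z = X \cap Z - Y \cap Z$, we have

$$A \cap B = [\mathcal{M}(\psi_2)] \cap B - D \cap B = B - B \cap D = B - D.$$

Next, $(B - D) \cap C = B \cap C - D \cap C$ and since $C \subseteq B$, $(B - D) \cap C = C - D \cap C = C - D$, so we get

$$\begin{aligned}
\psi_2 \dot{-} \psi_1 &= (A - B) \cup (C - D) \\
&= (\psi_2 - ([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)])) \cup (H(\psi_1,\psi_2) - \mathcal{E}(\psi_2)) \\
&= ([\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2) - ([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)])) \cup (H(\psi_1,\psi_2) - \mathcal{E}(\psi_2)) \\
&= (([\mathcal{M}(\psi_2)] \dot{-} [\mathcal{M}(\psi_1)]) - \mathcal{E}(\psi_2)) \cup (H(\psi_1,\psi_2) - \mathcal{E}(\psi_2)) \\
&= (([\mathcal{M}(\psi_2)] \dot{-} [\mathcal{M}(\psi_1)]) \cup H(\psi_1,\psi_2)) - \mathcal{E}(\psi_2).
\end{aligned}$$

□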

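We calculate $\psi_1 \triangleright \psi_2$ and $\psi_2 \dot{-} \psi_1$ separately in each of the following three cases

Case 1: $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) = \emptyset$, i.e. the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ is empty.

Case 2: $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1)) \neq \emptyset$, i.e. by Theorem 3.3 $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$ and hence the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ equals the entire $[\mathcal{M}(\psi_2)]$.

Case 3: $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$, i.e. the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ is non-empty.

Cases 1 and 3 are complementary. However we have separated case 2, which is a specific subcase of 3, because it comes up while deciding $\psi$-form entailment (see Theorem 3.6). Moreover, case 3 is reduced to case 2, as we will demonstrate.

Case 1 is the simplest and is covered by Theorem 3.11.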

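Theorem 3.11. If $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) = \emptyset$, $\psi_1 \triangleright \psi_2 = \emptyset$ and $\psi_2 \dot{-} \psi_1 = \{\psi_2\}$.

Proof. As follows from Theorem 3.7, $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) = \emptyset$ implies that the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ is empty. Since $(\psi_1 \triangleright \psi_2) \subseteq ([\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)])$, we have that $\psi_1 \triangleright \psi_2 = \emptyset$ and therefore by equivalence (3.1) $\psi_2 \dot{-} \psi_1 = \psi_2$. □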

Case 2 amounts to $\psi_1$ nearly entailing $\psi_2$.

Theorem 3.12. When $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$

$$\psi_1 \triangleright \psi_2 = \psi_2 - H(\psi_1,\psi_2) \qquad (3.6)$$

$$\psi_2 \dot{-} \psi_1 = H(\psi_1,\psi_2) - \mathcal{E}(\psi_2) \qquad (3.7)$$

Proof. (3.6) and (3.7) trivially follow from Lemma 3.9 and definition (3.4) by substituting $[\mathcal{M}(\psi_2)]$ in place of $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ and substituting $\emptyset$ in place of $[\mathcal{M}(\psi_2)] \dot{-} [\mathcal{M}(\psi_1)]$. □

The expression for the set of holes $H(\psi_1,\psi_2)$ in this case is derived in Lemma 3.14. We first demonstrate the computation of the set of holes, image and e-difference in the following example.

The algorithm is straightforward when there is only one subset-unifier of $\mathcal{M}(\psi_1)$ with $\mathcal{M}(\psi_2)$, i.e. each clause of $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ is entailed by exactly one clause of $[\mathcal{M}(\psi_1)]$. The set of holes in this case is simply the union of images from each exception of $\psi_1$ onto $[\mathcal{M}(\psi_2)]$.

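Example 3.13. Consider

$$\psi_1 = [\neg P(x, y, z) \text{ except } \{\{x = B\}, \{x = C, y = D\}, \{x = A\}\}]$$
$$\psi_2 = [\neg P(w, E, A) \text{ except } \{\{w = G\}\}]$$

Since there is only one subset-unifier of $\mathcal{M}(\psi_1)$ with $\mathcal{M}(\psi_2)$, the image of $\psi_1$ onto $\psi_2$ is simply the image $[\mathcal{M}(\psi_1)]$ onto $[\mathcal{M}(\psi_2)]$ minus exceptions of $\psi_2$ and the image of exceptions of $\psi_1$ on $[\mathcal{M}(\psi_2)]$, i.e.

$$\psi_1 \triangleright \psi_2 = [\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2) - \bigcup_{i=1}^{3} ([\mathcal{E}_i(\psi_1)] \triangleright [\mathcal{M}(\psi_2)])$$

In this case $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)] = [\mathcal{M}(\psi_2)]$ and, since (by definition (2.3)) $\psi_2 = [\mathcal{M}(\psi_2)] - \mathcal{E}(\psi_2)$,

$$\begin{aligned}
\psi_1 \triangleright \psi_2 &= [\neg P(w, E, A) \text{ except } \{\{w = G\}\}] - [\neg P(B, y, z)] \triangleright [\neg P(w, E, A)] \\
&\quad - [\neg P(C, D, z)] \triangleright [\neg P(w, E, A)] - [\neg P(A, y, z)] \triangleright [\neg P(w, E, A)] \\
&= [\neg P(w, E, A) \text{ except } \{\{w = G\}\}] - [\neg P(B, E, A)] - [\neg P(A, E, A)] \\
&= [\neg P(w, E, A) \text{ except } \{\{w = G\}, \{w = B\}, \{w = A\}\}]
\end{aligned}$$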

Computing the holes is more complex when there is more than one subset-unifier of $\mathcal{M}(\psi_1)$ with $\mathcal{M}(\psi_2)$, because in this case some clauses of $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$ are entailed by more than one clause of $[\mathcal{M}(\psi_1)]$. Then, even though an exception removes from $[\mathcal{M}(\psi_1)]$ an entailing clause for some clause $c$ of $\psi_2$, $c$ may be entailed by another clause in $\psi_1$, and consequently the set of holes is not simply a set of images from $\psi_1$'s exceptions, but rather an intersection of such images. Example 3.15 illustrates this computation.

We derive an expression for calculating $H(\psi_1,\psi_2)$ in the next Lemma by first introducing the set of $\psi$-forms within $[\mathcal{M}(\psi_1)]$ (denoted $\Psi_1$), all of which entail some part of $[\mathcal{M}(\psi_2)]$, and showing how to combine them to calculate $H(\psi_1,\psi_2)$.
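
ComputeH($\psi_1$, $\psi_2$)

- Requires that $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$

Compute $\Theta = MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1))$
Set $\Psi = \emptyset$

For each $i$ from 1 to $\|\Theta\|$ do
    Set $\psi_1^i = [\mathcal{M}(\psi_1)\theta_i]$
    Set $\Psi_2 = \emptyset$

    For each $j$ from 1 to $\|\Sigma(\psi_1)\|$ do
        Set $I_{ij} = (([\mathcal{E}_j(\psi_1)] \cap \psi_1^i) \triangleright [\mathcal{M}(\psi_2)])$

        Set $\Psi_2 = \Psi_2 \cup I_{ij}$

    If $\Psi_2 = \emptyset$ Then Return $\emptyset$
    If $i = 1$ Then Set $\Psi = \Psi_2$
    Else Set $\Psi = \Psi \cap \Psi_2$.
Return $\Psi$



ComputeImg2($\psi_1$, $\psi_2$)

- Requires that $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$

Set $\Psi_H$ = ComputeH($\psi_1$, $\psi_2$), $\psi = \psi_2$
For each simple $\psi$-form $\psi_h \in \Psi_H$

    Set $\psi = \psi - \psi_h$
Return $\{\psi\}$

ComputeEDiff2($\psi_2$, $\psi_1$)

- Requires that $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$

Set $\Psi_H$ = ComputeH($\psi_1$, $\psi_2$), $\Psi = \emptyset$
For each simple $\psi$-form $\psi_h \in \Psi_H$
    Set $\psi = \psi_h$

    For each simple $\psi$-form $\psi_e \in \mathcal{E}(\psi_2)$

        Set $\psi = \psi - \psi_e$
    Set $\Psi = \Psi \cup \{\psi\}$
Return $\Psi$



Figure 9: Computing the set of holes, image and e-difference operations in case $\psi_1$ nearly entails $\psi_2$.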



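Lemma 3.14. Let $\Theta = MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2), \mathcal{V}(\psi_1))$ be nonempty. Let $\Psi_1$ be defined as follows.

$$\Psi_1 = \{\psi_1^i \mid \psi_1^i = [\mathcal{M}(\psi_1)\theta_i], \theta_i \in \Theta, 1 \leq i \leq \|\Theta\|\}. \qquad (3.8)$$

Then,

$$H(\psi_1,\psi_2) = \bigcap_{i=1}^{\|\Theta\|} \bigcup_{j=1}^{\|\Sigma(\psi_1)\|} (([\mathcal{E}_j(\psi_1)] \cap \psi_1^i) \triangleright [\mathcal{M}(\psi_2)]). \qquad (3.9)$$

Proof. Each $\psi_1^i$ entails $[\mathcal{M}(\psi_2)]$, i.e. $\psi_1^i \triangleright [\mathcal{M}(\psi_2)] = [\mathcal{M}(\psi_2)]$ for each $1 \leq i \leq \|\Theta\|$, because the main clause of each $\psi_1^i$ equals some subset of literals of $\mathcal{M}(\psi_2)$. However, each $\psi_1^i$ may contain clauses that are exceptions of $\psi_1$, namely $\bigcup_{j=1}^{\|\Sigma(\psi_1)\|} ([\mathcal{E}_j(\psi_1)] \cap \psi_1^i)$. We call these clauses $\psi_1$'s exceptions in $\psi_1^i$.

Thus, $\phi(\Psi_1)$ contains all clauses of $\psi_1$ that entail something in $[\mathcal{M}(\psi_2)]$ and more, namely $\psi_1$'s exceptions in $\psi_1^i$. Therefore

$$\psi_1 \triangleright [\mathcal{M}(\psi_2)] = \bigcup_{i=1}^{\|\Theta\|} \Big( \big(\psi_1^i - \bigcup_{j=1}^{\|\Sigma(\psi_1)\|} ([\mathcal{E}_j(\psi_1)] \cap \psi_1^i)\big) \triangleright [\mathcal{M}(\psi_2)] \Big).$$

Note that for a given $\psi_1^i \in \Psi_1$, each clause of $[\mathcal{M}(\psi_2)]$ is entailed by exactly one clause of $\psi_1^i$, i.e. for every $\psi_1^i \in \Psi_1$, and every $c \in [\mathcal{M}(\psi_2)]$, $(\psi_1^i \models c) \Leftrightarrow \exists! c_i \in \psi_1^i . c_i \models c$ (existence of a clause $\mathcal{M}(\psi_2)\sigma$ such that there are 2 different clauses $c', c'' \in \psi_1^i$ that entail it, leads to a contradiction to the fact that $\psi_2$ and $\psi_1$ are fixed length $\psi$-forms). The last observation allows to distribute the image operator and rewrite the last expression as follows

$$\begin{aligned}
\psi_1 \triangleright [\mathcal{M}(\psi_2)] &= \bigcup_{i=1}^{\|\Theta\|} \Big( (\psi_1^i \triangleright [\mathcal{M}(\psi_2)]) - \bigcup_{j=1}^{\|\Sigma(\psi_1)\|} (([\mathcal{E}_j(\psi_1)] \cap \psi_1^i) \triangleright [\mathcal{M}(\psi_2)]) \Big) \\
&= [\mathcal{M}(\psi_2)] - \bigcap_{i=1}^{\|\Theta\|} \bigcup_{j=1}^{\|\Sigma(\psi_1)\|} (([\mathcal{E}_j(\psi_1)] \cap \psi_1^i) \triangleright [\mathcal{M}(\psi_2)]),
\end{aligned}$$

i.e. the set of clauses of $[\mathcal{M}(\psi_2)]$ not entailed by $\psi_1$ is the intersection of images of $\psi_1$'s exceptions in all of $\psi_1^i \in \Psi_1$.

The formula for $H(\psi_1,\psi_2)$ follows from substituting the derived expression for $\psi_1 \triangleright [\mathcal{M}(\psi_2)]$ in the definition (3.4) and noticing that since $\psi_1$ nearly entails $\psi_2$, $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)] = [\mathcal{M}(\psi_2)]$. □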

The procedure for computing the set of holes $H(\psi_1,\psi_2)$ in case $\psi_1$ nearly entails $\psi_2$ presented in Figure 9 is based on Lemma 3.14. Procedures for computing the image and e-difference in case $\psi_1$ nearly entails $\psi_2$ are also presented in Figure 9.

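Example 3.15. Consider

$$\psi_1 = [\neg P(x, y, z) \text{ except } \{\{x = B\}, \{x = C, y = D\}, \{x = A\}\}]$$
$$\psi_2 = [\neg P(w, E, A) \vee \neg P(C, D, w) \vee \neg Q(w) \text{ except } \{\{w = G\}\}]$$

Here, the clause $c = \neg P(K, E, A) \vee \neg P(C, D, K) \vee \neg Q(K)$, for example, is entailed by two clauses of $[\mathcal{M}(\psi_1)]$, namely, by $\neg P(K, E, A)$ and $\neg P(C, D, K)$. Although the second of these clauses is not in $\psi_1$ due to the second exception, the first one, $\neg P(K, E, A)$ is in $\psi_1$ and therefore $\psi_1 \models \neg P(K, E, A) \vee \neg P(C, D, K) \vee \neg Q(K)$. Thus, even though $c \in [\mathcal{E}_2(\psi_1)] \triangleright \psi_2$, $c \in \psi_1 \triangleright \psi_2$.

Computing the set of holes according to Lemma 3.14 yields

$$H(\psi_1,\psi_2) = ((\mathcal{E}(\psi_1) \cap \psi_1^1) \triangleright [\mathcal{M}(\psi_2)]) \cap ((\mathcal{E}(\psi_1) \cap \psi_1^2) \triangleright [\mathcal{M}(\psi_2)]) = \left\{ \begin{array}{l} [\neg P(B,E,A) \vee \neg P(C,D,B) \vee \neg Q(B)], \\ {[\neg P(A,E,A) \vee \neg P(C,D,A) \vee \neg Q(A)]} \end{array} \right\}.$$

Furthermore, according to Theorem 3.12 e-difference $\psi_2 \dot{-} \psi_1$ equals the set of holes $H(\psi_1,\psi_2)$ minus exceptions of $\psi_2$

$$\psi_2 \dot{-} \psi_1 = H(\psi_1,\psi_2) - \{[\neg P(G, E, A) \vee \neg P(C, D, G) \vee \neg Q(G)]\} = \left\{ \begin{array}{l} [\neg P(B,E,A) \vee \neg P(C,D,B) \vee \neg Q(B)], \\ {[\neg P(A,E,A) \vee \neg P(C,D,A) \vee \neg Q(A)]} \end{array} \right\}.$$

The image $\psi_1 \triangleright \psi_2$ equals $[\mathcal{M}(\psi_2)]$ minus the set of holes, and minus exceptions of $\psi_2$, i.e.

$$\begin{aligned}
\psi_1 \triangleright \psi_2 &= [\neg P(w, E, A) \vee \neg P(C, D, w) \vee \neg Q(w) \text{ except } \{\{w = G\}\}] - H(\psi_1,\psi_2) \\
&= [\neg P(w, E, A) \vee \neg P(C, D, w) \vee \neg Q(w) \text{ except } \{\{w = G\}, \{w = A\}, \{w = B\}\}]
\end{aligned}$$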
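
As an added cross-check of Example 3.15 (not part of the original paper or the authors' implementation), the following Python code computes the image and e-difference directly from the definitions of Section 3.2 on ground clauses. It assumes a constructed finite sample of constants, which suffices for the ground instances of $\psi_2$ over that sample because it contains every constant mentioned in $\psi_2$; the tuple encoding and the function names are this example's own.

```python
# Added example: image and e-difference by definition, on ground clauses.
# Encoding assumed here: a literal is (predicate, args), implicitly negated;
# lowercase terms are variables, capitalized terms are constants.
from itertools import product

def is_var(t):
    return t[0].islower()

def ground(main, exceptions, consts):
    """Ground clauses of [main except exceptions] over a finite sample of
    constants. Exceptions in this example bind variables to constants only."""
    vs = sorted({t for _, args in main for t in args if is_var(t)})
    clauses = set()
    for vals in product(consts, repeat=len(vs)):
        s = dict(zip(vs, vals))
        # skip instantiations that fall under one of the exceptions
        if any(all(s[v] == c for v, c in e.items()) for e in exceptions):
            continue
        clauses.add(frozenset((p, tuple(s.get(t, t) for t in args))
                              for p, args in main))
    return clauses

def image(A, B):
    """Image of A onto B: the clauses b of B entailed by A. For ground
    clauses of negated literals, A entails b iff some clause of A is a
    subset of b."""
    return {b for b in B if any(a <= b for a in A)}

def ediff(B, A):
    """E-difference: the clauses b of B that A does not entail."""
    return B - image(A, B)

# Constructed sample of constants; K stands for "any other object".
CONSTS = ["A", "B", "C", "D", "E", "G", "K"]

# psi_1 and psi_2 of Example 3.15 as (main clause, exceptions).
PSI1 = ((("P", ("x", "y", "z")),),
        [{"x": "B"}, {"x": "C", "y": "D"}, {"x": "A"}])
PSI2 = ((("P", ("w", "E", "A")), ("P", ("C", "D", "w")), ("Q", ("w",))),
        [{"w": "G"}])

def psi2_instance(w):
    """The ground clause of M(psi_2) obtained by binding w."""
    return frozenset({("P", (w, "E", "A")), ("P", ("C", "D", w)), ("Q", (w,))})

def example_3_15():
    """Return (image of psi_1 onto psi_2, e-difference of psi_2 and psi_1)."""
    g1 = ground(PSI1[0], PSI1[1], CONSTS)
    g2 = ground(PSI2[0], PSI2[1], CONSTS)
    return image(g1, g2), ediff(g2, g1)

if __name__ == "__main__":
    img, diff = example_3_15()
    print(sorted(sorted(c) for c in diff))
```

The e-difference consists of exactly the instances with $w = A$ and $w = B$, matching the set of holes computed in the example; the instance with $w = K$ stays in the image because $\neg P(K, E, A)$ is still a clause of $\psi_1$.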

Recall that the computation of e-difference in case $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$ comes up in verifying entailment (Theorem 3.6). The following Observation guarantees that each $\psi$-form in the e-difference $\psi_2 \dot{-} \psi_1$ is strictly "smaller" than $\psi_2$. This observation plays a critical role in establishing the complexity bounds on $\psi$-form reasoning.

Observation 3.16. Assume $[\mathcal{M}(\psi_1)] \models [\mathcal{M}(\psi_2)]$ and assume that none of the exception forms of $\psi_1$ entails $[\mathcal{M}(\psi_2)]$. Then each $\psi$-form in $\psi_2 \dot{-} \psi_1$ uses strictly fewer variables than there are in $\psi_2$.

Proof. As follows from Theorem 3.12 and Lemma 3.14, the e-difference is a subset of a union of images of exceptions of $\psi_1$ on $[\mathcal{M}(\psi_2)]$. Each such image is obtained by instantiating the main clause $\mathcal{M}(\psi_2)$ with a subset unifying substitution, call it $\sigma$. When $\sigma$ does not bind any variables of $\psi_2$ to constants, the image is equal to $[\mathcal{M}(\psi_2)]$, which contradicts the conditions of the Observation. Thus, $\sigma$ must bind some variables of $\mathcal{M}(\psi_2)$ to constants, and therefore $[\mathcal{M}(\psi_2)\sigma]$, and in turn, every subset of this $\psi$-form is expressed with a $\psi$-form that contains strictly fewer variables than $[\mathcal{M}(\psi_2)]$. □

We now consider case 3. There is a non-empty image of the main part of $\psi_1$ onto the main part of $\psi_2$ which occurs when $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$. In this case we first compute the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$, denoted below by $\Psi$. Every $\psi$-form in $\Psi$ is nearly entailed by $\psi_1$, and thus we can compute the image of $\psi_1$ on each of $\psi$-forms in $\Psi$ using the methods of Case 2. The image $\psi_1 \triangleright \psi_2$ equals the union of images of $\psi_1$ onto each $\psi$-form in $\Psi$, minus exceptions of $\psi_2$.

Theorem 3.17. Let $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$, and let $\Psi$ denote the image $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)]$. Then

$$\psi_1 \triangleright \psi_2 = (\psi_1 \triangleright \Psi) - \mathcal{E}(\psi_2) \qquad (3.10)$$

$$\psi_2 \dot{-} \psi_1 = (\psi_2 - \Psi) \cup [(\Psi - \mathcal{E}(\psi_2)) \dot{-} \psi_1] \qquad (3.11)$$

Proof. By Theorem 3.7, $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$ implies that the image $\Psi$ is non-empty and thus consists of a set of simple $\psi$-forms. Each $\psi$-form in $\Psi$ is nearly entailed by $\psi_1$. The image $\psi_1 \triangleright \psi_2$ is a subset of $\Psi$, and equals exactly the set of all clauses in $\Psi$ that are not exceptions of $\psi_2$ and that are entailed by $\psi_1$, i.e.

Since each of $\psi$-forms in $\Psi$ is nearly entailed by $\psi_1$ the calculation of the image $\psi_1 \triangleright \Psi$ in the above expression can be carried out according to Theorem 3.12.

The proof of (3.11) is similar. The part of $\psi_2$ that is not entailed by $\psi_1$ includes $\psi_2 - \Psi$, plus parts of $\Psi$ that are not exceptions of $\psi_2$ and are not entailed by $\psi_1$, i.e. $(\Psi - \mathcal{E}(\psi_2)) \dot{-} \psi_1$.

□

The procedures for computing image and e-difference in case 3 are given in Figure 10.

Theorem 3.18. Image and e-difference of two fixed length $\psi$-forms is equivalent to a finite set of fixed length $\psi$-forms.

Proof. The fact that all operations produce sets of $\psi$-forms follows from the fact that all of them produce subsets of operand $\psi$-forms. The fact that indeed this set is finite follows from the Theorems 3.11, 3.17.

The resulting $\psi$-forms are fixed length, because they contain clauses from argument $\psi$-forms, and each subset $\psi$-form of a fixed length $\psi$-form is obviously a fixed length $\psi$-form. □
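
ComputeImg3($\psi_1$, $\psi_2$)

- Requires $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$

Set $\Psi$ = ComputeSimpleImg($[\mathcal{M}(\psi_1)]$, $[\mathcal{M}(\psi_2)]$)
Set $\Psi_r = \emptyset$
For each $\psi \in \Psi$
    Set $\Gamma$ = ComputeImg2($\psi_1$, $\psi$)
    Set $\Psi_r = \Psi_r \cup \Gamma$
Set $\Psi_r = \Psi_r - \mathcal{E}(\psi_2)$
Return $\Psi_r$



ComputeEDiff3($\psi_2$, $\psi_1$)

- Requires $MGU_{\subseteq}(\mathcal{M}(\psi_1), \mathcal{M}(\psi_2)) \neq \emptyset$

Set $\Psi$ = ComputeSimpleImg($[\mathcal{M}(\psi_1)]$, $[\mathcal{M}(\psi_2)]$)
Set $\Psi_r = \psi_2 - \Psi$
For each $\psi \in \Psi$
    Set $\psi = \psi - \mathcal{E}(\psi_2)$
    Set $\Gamma$ = ComputeEDiff2($\psi$, $\psi_1$)
    Set $\Psi_r = \Psi_r \cup \Gamma$
Return $\Psi_r$



Figure 10: Procedures ComputeImg3($\psi_1$, $\psi_2$) and ComputeEDiff3($\psi_2$, $\psi_1$) compute $\psi_1 \triangleright \psi_2$ and $\psi_2 \dot{-} \psi_1$ in case there is a non-empty image of the main part of $\psi_1$ onto the main part of $\psi_2$, i.e. $[\mathcal{M}(\psi_1)] \triangleright [\mathcal{M}(\psi_2)] \neq \emptyset$.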

3.6. Complexity of 0j-form operations. The recursive procedure for determining entail- 
ment ^ |= based on Theorem l3. 61 takes time 0(n), where n is the number of 0-forms in ^, 
when the maximum number of exceptions, and variables and literals in the main clause of a 
■0-form are fixed. We assume unification takes constant bounded time, which is guaranteed 
when the cardinality of predicate symbols is bounded by a constant. These assumptions 
are common in open world applications: 

• the number of variables and literals in the main clause and cardinality of predicate 
symbols are always finite and bounded by the specification of the initial and goal 
states and the action descriptions. Moreover, they are typically small. 

• the number of exceptions is limited by a function of the number of objects known in 
the initial state and those objects created by the actions in a constructed plan. When 
the length of the plan is constant bounded, the number of exceptions is therefore 
also constant bounded. In general, the complexity of entailment is polynomially 
bounded in the maximum number of exceptions, as presented in Figure 11 and
discussed briefly at the end of this section. 

To obtain the linear bound on the complexity of entailment, notice that finding a $\psi$-form
that nearly entails $\psi$ requires a pass through at most $n$ $\psi$-forms of $\Psi$ spending
constant time at each, since checking nearly entailment takes constant time. Once a nearly entailing
$\psi$-form $\psi_k$ is found, we calculate the difference $\psi - \psi_k$ and apply Theorem 3.6 to
each $\psi$-form in the e-difference. This is a recursive procedure, which can be represented by a
recursion tree. In the tree, each node represents the non-recursive computation, i.e. finding
a nearly entailing $\psi$-form $\psi_k$, and computing the e-difference $\psi - \psi_k$; and each
branch represents a recursive call to the same procedure for checking entailment of each $\psi$-form
in the e-difference $\psi - \psi_k$. The complexity of the entire procedure equals the sum of the
complexities at the nodes of the recursion tree. The time spent at each node is proportional
to the number of $\psi$-forms in $\Psi$, which is $n$ at the root of the tree, and decreases by one
at each subsequent level. The branching factor $\beta$ at each node equals the number of
$\psi$-forms in the e-difference $\psi - \psi_k$. $\beta$ is constant bounded when we bound by
constants the maximum number of exceptions, variables and literals in the $\psi$-forms. Therefore,
at each level $i$ of the tree we have at most $\beta^i$ nodes, and computation at each node has time
complexity proportional to $(n - i)$.

The depth of the recursion tree is bounded by $n$. However, it is also bounded by
$\min(n, V + 1)$, where $V$ is the maximum number of variables in a $\psi$-form. As follows from
Observation 3.16, unless $\psi - \psi_k = \{\psi\}$, each $\psi$-form in the difference
$\psi - \psi_k$ uses strictly fewer variables than the original $\psi$, because when $\psi_k$ nearly
entails $\psi$, all $\psi$-forms in the e-difference $\psi - \psi_k$ are subsets of images from
$\psi_k$'s exceptions, and unless an exception entails the whole $\psi$, this image is obtained by
instantiating some variables of $\psi$. In the case where $\psi - \psi_k = \{\psi\}$, the branching
factor out of the node equals one, and we can collapse the parent and the child into one node. Thus,
assuming $V$ is less than $n$, the depth of recursion in checking $\Psi \models \psi$ is bounded by
the maximum number of variables in a $\psi$-form, $V$. The overall time complexity bound is
$O(\beta^V n) = O(n)$, since $\beta$ and $V$ are constants.

Figure 11 shows time complexity bounds of the $\psi$-form calculus operations as functions
of the number of participating $\psi$-forms $n$, maximum number of exceptions $E$, maximum
number of variables $V$, and maximum number of literals in a $\psi$-form clause $C$. The complete
treatment of the time complexity issues of the calculus of $\psi$-forms can be found in [2].





                                       $\{\psi_1, \ldots, \psi_n\} \models \psi$   $\psi_1 \triangleright \psi_2$   $\psi_2 - \psi_1$
Simple fixed length $\psi$-forms       $O(n)$                                      $O(1)$                           $O(1)$
Non-simple fixed length $\psi$-forms   $O(nE^{Vt+1})$                              $O(E^t)$                         $O(E^{t+1})$
Non-simple limited form $\psi$-forms   $O(nE^{V+1})$                               $O(E)$                           $O(E^2)$
Singleton $\psi_1$                     $O(nE)$                                     $O(E)$                           $O(E)$

Figure 11: Time complexity of computing $\psi$-form operations. Assumes unification takes
constant time and the maximum number of literals ($C$) and variables ($V$) in
the main form of a $\psi$-form are constant. $E$ denotes the maximum number of
exceptions, $t$ denotes the maximum number of possible subset matches between
main forms of two $\psi$-forms. $t = O(e^{C/e})$, where $e$ is Euler's number, for fixed
length $\psi$-forms.

To summarize: $\psi$-form entailment takes linear time in the number of participating
$\psi$-forms $n$, when the maximum length of clause, maximum number of variables in a
$\psi$-form and maximum number of exceptions are all fixed. When the number of exceptions
is proportional to $n$, computing entailment remains bounded by a polynomial of the order
proportional to the maximum number of variables in a $\psi$-form times the number of possible
subset-matches between the main clauses. The complexity of $\psi$-form operations depends
on the number of subset-matches between the main clauses of two $\psi$-forms, which in case of
unrestricted $\psi$-forms is $C^C$. In fixed length $\psi$-forms the number of subset-matches
between the main forms of two $\psi$-forms is bounded by $e^{C/e}$, as stated by the next
Observation. To limit the number of subset-matches to at most one, $\psi$-forms can be restricted
to contain no duplicate occurrences of a predicate symbol in the main clause. We call such
$\psi$-forms limited form $\psi$-forms.

Lemma 3.19. Let $\psi_1$ and $\psi_2$ be fixed length $\psi$-forms. In two different subset-matches
of $M(\psi_1)$ onto $M(\psi_2)$, no two different literals of $M(\psi_1)$ match the same literal of
$M(\psi_2)$.

Proof. As always, we assume that there is no overlap between the variables in two different
$\psi$-forms. Suppose that the above statement is not true, i.e. there exist two different
subset-matches of $M(\psi_1)$ onto $M(\psi_2)$ that match two different literals $d_1$ and $d_2$ of
$M(\psi_1)$ on the same literal $d$ of $M(\psi_2)$. Let $\sigma_1$ and $\sigma_2$ be substitutions
corresponding to each subset-match, i.e. $\sigma_1$ and $\sigma_2$ are in
$MGU_{\subseteq}(M(\psi_1), M(\psi_2), V(\psi_1))$.
Consider the following substitution $\sigma$.

• If $d_1$ and $d_2$ do not share variables, construct $\sigma$ as follows: combine bindings on
variables in $d_1$ from $\sigma_1$ and bindings on variables in $d_2$ from $\sigma_2$. Then,
obviously, $d_1\sigma = d_2\sigma = d$.

• Otherwise, if $d_1$ and $d_2$ do share variables, rename variables in $d_2$ so that there is
no overlap with variables in $d_1$. Modify $\sigma_2$ by renaming the variables in the same
way we did with $d_2$, and construct $\sigma$ as in the previous case. Again, $d_1\sigma = d_2\sigma$.

Thus, both cases produced a contradiction to the fact that no two literals of a fixed
length $\psi_1$ unify. □

Observation 3.20. Let $\psi_1$ and $\psi_2$ be fixed length $\psi$-forms. The number of
subset-matches of $M(\psi_1)$ onto $M(\psi_2)$ is bounded by $e^{C/e}$, i.e.
$\|MGU_{\subseteq}(M(\psi_1), M(\psi_2), V(\psi_1))\| \le e^{C/e}$.

Proof. Suppose there are $i_k$ literals in $M(\psi_2)$ that matched the $k$-th literal of
$M(\psi_1)$. Since according to Lemma 3.19 no two different matches can match two different
literals of $M(\psi_1)$ to the same literal of $M(\psi_2)$, $i_1 + \cdots + i_k \le C$, otherwise
two literals of $M(\psi_1)$ would match the same literal of $M(\psi_2)$.

The maximum size of $MGU_{\subseteq}(M(\psi_1), M(\psi_2), V(\psi_1))$ is bounded by the product
$i_1 \times \ldots \times i_k$. By Cauchy's inequality

$$\frac{i_1 + \cdots + i_k}{k} \ge (i_1 \times \ldots \times i_k)^{1/k}.$$

The product $(i_1 \times \ldots \times i_k)$ is limited by $(C/k)^k$, with the equality reachable
only when $i_1 = i_2 = \cdots = i_k = C/k$. Then the product
$i_1 \times \ldots \times i_k = (C/k)^k$. The maximum of this product is reached
when $\log(C/k) - 1 = 0$, i.e. when $C/k = e$, and equals $e^{C/e}$.

Thus, when the maximum number of disjuncts in a $\psi$-form is $C$, the number of possible
subset-matches is bounded by $e^{C/e}$. □



4. PSIPLAN Representation 

As in previous work on open world planning, we assume that the world evolves as a 
sequence of states, where the transitions occur only as the result of deliberate action taken 
by the single agent. Since the agent's model of the world is incomplete, the actual state of 
the world differs from the state of the agent's knowledge of the world, which we call SOK. 
The agent's knowledge of the world is assumed to be correct. 

4.1. States of Knowledge. PSIPLAN propositions. A SOK is a set of propositions
that represents what the agent knows is true about the world. In PSIPLAN, a SOK is a
finite set of PSIPLAN domain propositions or, simply, propositions, which are defined
to be either ground atoms or $\psi$-forms.

Since the agent's theory of the world is assumed to be correct, every proposition that a
SOK entails is true in the actual world. Moreover, we make the following closed knowledge
assumption (CKA): A literal $L$ is known to be true in $s$ if $s \models L$, known to be false if
$s \models \neg L$ and unknown if both $s \not\models L$ and $s \not\models \neg L$. This assumption
is closed because entailment is decidable in PSIPLAN.

A model of a PSIPLAN proposition is a world in which it is true. We refer to the set 
of all models of a SOK s, denoted I(s), as the set of possible worlds of s. It is the set of 
all worlds in which everything known by the agent is true. Correctness of the agent's SOK
implies that the set of models of a SOK always contains the actual world.

We use symbols $w, w', w_1 \ldots w_n$ to refer to worlds, $W$, $W'$ to refer to the sets of worlds,
and $s, s', s_1 \ldots s_n$ to refer to the agent's SOK. W denotes a set of all worlds.

4.2. Entailment in PSIPLAN. First observe that any consistent set $s$ of atoms plus
$\psi$-forms does not entail any atoms but those in $s$. However, it may entail more $\psi$-forms
than are entailed by $\psi$-forms of $s$ alone, because of the possibility of resolution between a
ground clause $c$, represented by a $\psi$-form, and some atom $a$, such that $\neg a$ is a literal
of $c$. However, once all resolutions are performed and the resolvents added to $s$, each
$\psi$-form entailed by $s$ is entailed by the set of only $\psi$-forms of $s$, and each atom
entailed by $s$ is in $s$. In other words, $s$ becomes saturated, i.e. for any ground proposition
$q$ entailed by $s$ there is a single proposition $p \in s$ that entails $q$ (see also Theorem 3.2).
A set of propositions $s$ is saturated if and only if for any ground proposition $q$,

$$(s \models q) \Rightarrow \exists p\,.\,(p \in s) \wedge (p \models q). \qquad (4.1)$$

Thus, when $s$ is saturated, one need not combine elements of $s$ (through resolution) in
order to show entailment. To determine entailment of an atom, $s \models a$, $a$ must be found
in $s$. Entailment of any ground negated clause, or, in other words, singleton $\psi$,
$s \models \psi$ is completely determined by entailment from a single $\psi$-form in $s$.

A saturated equivalent of $s$ is obtained by computing all possible resolutions from the
unit clause resolution rule

$$\frac{a, \quad \neg a \vee \neg a_1 \vee \ldots \vee \neg a_n}{\neg a_1 \vee \ldots \vee \neg a_n}$$

between domain atoms in $s$ and clauses represented by $\psi$-forms.
For example, suppose

$$s = \{In(paper, /tex),\ \psi = [\neg In(x, y) \vee \neg T(x, PS) \text{ except } \{\{y = /img\}\}]\}.$$

Here, $In(x, y)$ states that file $x$ is in directory $y$, and $T(x, PS)$ states that file $x$ has
type Postscript.

$s$ is not saturated because, even though it entails that file paper is not a Postscript file,
no single proposition of $s$ alone entails $\neg T(paper, PS)$.

However, $\psi$ in $s$ contains a clause $c = \neg In(paper, /tex) \vee \neg T(paper, PS)$, and we
can perform a resolution between $c$ and the atom $In(paper, /tex)$, resulting in
$\neg T(paper, PS)$. We add the $\psi$-form $[\neg T(paper, PS)]$ to the initial SOK, $s_0$.

The procedure Saturate($s$), depicted in Figure 12, returns a saturated equivalent of $s$
and consists of the following steps. Initially we set $s_0 = s$. For every $\psi$-form $\psi$ in
$s_0$ and for every atom $a$, we compute $(\neg a) \triangleright \psi$, as those are all and only
clauses for which resolution is possible. If this image is empty, we go to the next $\psi$-form in
$s_0$. Otherwise, suppose $(\neg a) \triangleright \psi = \psi'$. From the properties of the image,
it follows that $\neg a$ is a subclause of $M(\psi')$. Let $\psi_{new}$ denote the $\psi$-form that
is obtained from $\psi'$ by removing $\neg a$ from its main clause, i.e.
$\psi_{new} = [M(\psi') - (\neg a) \text{ except } \Sigma(\psi')]$. We add $\psi_{new}$ to $s_0$,
and continue until all $\psi$-forms in $s_0$, including the newly added, are processed in this way.



Saturate($s$)

1. Set $s_0 = s$
2. For each $\psi$-form $\psi \in s_0$
3.     For each atom $a \in s_0$
4.         If $[\neg a] \triangleright \psi \neq \emptyset$ Then
5.             Set $\psi' = [\neg a] \triangleright \psi$
6.             Let $D$ denote the main clause of $\psi'$ without the literal $\neg a$
7.             If $D = \emptyset$, Then return fail.
8.             Else Set $\psi_{new} = [D \text{ except } \Sigma(\psi')]$, Add $\psi_{new}$ to $s_0$.
9.     End For
10. End For
11. Return $s_0$.

Figure 12: Procedure Saturate($s$). Preprocessing the Initial SOK. If set $s$ is unsatisfiable,
returns fail.

Notice that, as a side effect, procedure Saturate() determines if $s$ is consistent. If at
any moment we obtain an empty clause as a main part of some $\psi_{new}$, that indicates that
$M(\psi') - (\neg a) = \emptyset$, i.e. $M(\psi') = \neg a$, which means that we can derive both
$a$ and $\neg a$ from $s$, and hence $s$ is inconsistent.

Lemma 4.1. Procedure Saturate($s$) returns a SOK $s_0$ that is a saturated equivalent of
$s$, if $s$ is consistent, or fail, otherwise. Assuming $s$ consists of $n$ fixed length
$\psi$-forms and $m$ atoms, the time complexity of procedure Saturate($s$) is $O(nm^C)$, where $C$
denotes the maximum length of a $\psi$-form clause.

Proof. The SOK returned by Saturate (Figure 12) contains the input set of propositions
$s$ and some additional propositions that are derived from $s$ using unit clause resolution, i.e.
those that follow from $s$. Thus the returned SOK $s_0$ is equivalent to the input.

It is saturated because we compute and add the results of all possible resolutions to $s_0$.
Thus, for every ground proposition $p$ such that $s \models p$, there is a proposition $c \in s_0$
such that $c \models p$.

Saturate computes all possible resolutions in $s$ and returns fail whenever an empty
disjunct is derived, as follows from the known property of resolution deduction (see [20],
page 87): If a set $A$ of ground clauses is unsatisfiable, then there is a resolution deduction
of the empty clause from $A$.

To estimate the time complexity bound, we consider the following stages of the algorithm.
During the first stage, for each of $n$ $\psi$-forms in $s$ the procedure will first compute
the resolution with every atom in $s$, when the resolution rule is applicable. Determining
if resolution between an atom and a single fixed length $\psi$-form is applicable consists of
computing an image of a single literal onto a $\psi$-form (step 4 in Figure 12), which takes
constant time, assuming the number of exceptions, clauses and variables in a $\psi$-form are
constant bounded. Thus, the first stage takes time $O(mn)$.

Note that the result of each resolution is another $\psi$-form (denoted $\psi_{new}$ in the
algorithm), which is added to the saturation $s_0$. For each $\psi$-form at most $m$ new
$\psi$-forms can be added to $s_0$ as a result of resolution with the atoms in $s$. Furthermore,
each of the added $\psi$-forms will have 1 fewer literals in the main clause than the original.
Overall, $nm$ new $\psi$-forms with the maximum clause length $C - 1$ could be added to $s_0$
during the first stage.

During the second stage, resolutions are computed between the $\psi$-forms added in the
previous stage and $m$ atoms of $s$. This process will take time $O(m^2 n)$ and add no more
than $m^2 n$ new $\psi$-forms with the maximum clause length of $C - 2$.

The third stage will take $O(m^3 n)$ time and add no more than $m^3 n$ new $\psi$-forms with
the clause length $C - 3$, and so on. Since the maximum possible length of the main clause
in the $\psi$-forms added at each stage is decreasing by one at each stage of this process, it is
evident that the number of stages is bounded by the size of the longest $\psi$-form clause $C$.
Overall computation will thus take time $O(mn + m^2 n + \ldots + m^C n) = O(m^C n)$. □

When a set of PSIPLAN propositions $s$ consists of $m$ atoms and $n$ $\psi$-forms, checking
$s \models a$, where $a$ is an atom, takes time $O(m)$ because a set of PSIPLAN propositions only
entails those atoms that it contains. Checking $s \models \psi$ takes time $O(nm^C + n)$, where
$O(nm^C)$ is the time to saturate $s$. When $s$ is saturated, checking $s \models \psi$ is $O(n)$.

4.3. PSIPLAN Actions. Actions are deterministic and are represented via preconditions
and effects. Actions are described using parameterized schemas, however, for the simplicity
of presentation, the examples in this section present instantiated, i.e. fully grounded,
versions of actions.

Each action $a$ has a name, $N(a)$, and a set of preconditions, $\mathcal{P}(a)$, which identify
the domain propositions necessary for executing the action. The propositions in $\mathcal{P}(a)$
can include literals and quantified $\psi$-forms$^4$.

Each domain action has a set of domain literals called the assert list, $A(a)$. The assert
list, also called the effects of the domain action, identifies the complete set of domain
propositions whose value may change as a result of the action. We assume that an action
is deterministic and can change the truth value (true or false) of only a finite number of
atoms, and thus any $\psi$-form in the assert list defines a single negated literal.

Consider, for example, PSIPLAN encoding of the action of moving a file from one
directory to another, as depicted in Figure 13. $mv(F, S, D)$ moves file $F$ from directory $S$
into the directory $D$. The single precondition requires that file $F$ be in directory $S$. The
effects are given by a $\psi$-form that denotes that file $F$ is not in directory $S$, and an atom
that denotes that file $F$ is in directory $D$. Action $lift(B, L)$, from our warehouse domain,
lifts object $B$ from location $L$. One of its preconditions is a quantified $\psi$-form and requires
that $B$ contains no fragile goods.



4 Ruling out other forms of non-quantified disjunction is not a limitation, since any action schema with a
non-quantified disjunction as its precondition can be equivalently split into several actions.

PSIPLAN action $a = mv(F, S, D)$
    $\mathcal{P}(a)$ : $In(F, S)$, $File(F)$, $Dir(S)$, $Dir(D)$
    $A(a)$ : $[\neg In(F, S)]$, $In(F, D)$

PSIPLAN action $a = lift(B, L)$
    $\mathcal{P}(a)$ : $[\neg In(g, B) \vee \neg Fragile(g)]$, $At(B, L)$
    $A(a)$ : $[\neg At(B, L)]$, $Lifted(B)$

Figure 13: PSIPLAN domain actions



4.4. Planning Problem. A planning problem is a three tuple $(A, \mathcal{I}, Q)$ where $A$ is the
set of available PSIPLAN actions, $\mathcal{I}$ is the set of initial conditions - i.e., a set of
PSIPLAN propositions - and $Q$ is the goal, which is also a set of PSIPLAN propositions.

A solution plan is a sequence of actions that is executable and transforms any world
state satisfying the initial conditions into a world state satisfying the goal.

Given a sequence of ground actions $a_1, \ldots, a_n$, let $W_i$ denote the set of possible worlds
obtained by executing the sequence up to the $i$-th action from any of the possible initial
worlds. Let $W_0$ denote the set of possible worlds corresponding to the initial conditions,
i.e. $I(\mathcal{I})$. Then, a sequence of actions $a_1, \ldots, a_n$ is called a solution plan to a
planning problem $(A, \mathcal{I}, Q)$, if and only if:

(1) The goal $Q$ holds in all final worlds, i.e. for all $w$ in $W_n$, $w(Q)$, and

(2) Each action $a_i$ of the plan is executable in every possible world $w$ in $W_i$, for all
values of $i$, < $i$ < $n$, i.e. for all $w$ in $W_i$, $w(\mathcal{P}(a_i))$.

Since our agent uses the SOK $s$ to represent the set of possible worlds $I(s)$, in order
to plan, it must be able to progress the SOK in order to predict the set of worlds resulting
from executing a sequence of actions. The function update() does exactly that.

If $a$ is a sequence of actions executable from the SOK $s_0$, $update(a, s_0)$ denotes the SOK
our agent uses to predict the set of possible worlds resulting from executing $a$ in any of the
worlds $I(s_0)$.

Ideally, the SOK obtained by progression must include all and only worlds that are
the result of executing the sequence $a$ in some world described by the initial SOK. Then,
every plan that is executable and achieves the goal in the agent's knowledge of the world is
indeed a solution plan for the real world. This requirement is satisfied when the update()
function is correct and complete.

The next section formally defines the correctness and completeness properties, presents
PSIPLAN's update procedure and proves that it is correct and complete. Thus, a sequence
of ground actions $a_1, \ldots, a_n$ is a solution to the planning problem $(A, \mathcal{I}, Q)$ if
and only if

(1) The goal $Q$ is entailed by the final SOK, i.e. $update(a_1 \ldots a_n, \mathcal{I}) \models Q$, and

(2) Each $a_i$ is executable, i.e. $update(a_1 \ldots a_{i-1}, \mathcal{I}) \models \mathcal{P}(a_i)$.

Thus, goal achievement can be established by checking entailment from the updated SOK
without considering the set of all possible worlds.

4.5. SOK Update. Actions cause transitions between worlds. The agent's SOK must
evolve in parallel with the world, and must adequately reflect the changes in the world
that occur due to an action. Correctness of a SOK update guarantees that the SOK is
always consistent with the world model, given a consistent initial SOK. The other desirable
property of the SOK update is completeness: we would like the agent to take advantage of
all information that becomes available and not to discard what was previously known and
has not changed. The correctness and completeness properties of the SOK update, as well
as soundness and completeness of entailment within the state language, are prerequisites
for a sound and complete planning algorithm. The correctness and completeness criteria
are best formulated in the context of possible worlds. Let $do(a, W)$ denote the set of worlds
obtained from performing action $a$ in any of the worlds in $W$, and $update(s, a)$ denote the
SOK that results if the agent performs action $a$ from SOK $s$. We say that the update
procedure is correct if and only if

$$I(update(s, a)) \subseteq do(a, I(s)), \qquad (4.2)$$

i.e. every possible world after performing the action $a$ has to have a possible predecessor.
The update procedure is complete if and only if

$$do(a, I(s)) \subseteq I(update(s, a)), \qquad (4.3)$$

i.e. every world obtained from a previously possible world is a model of the new SOK. This
implies that all changes to the world must be reflected in the new SOK.

To achieve correctness of SOK updates, the agent must remove from the SOK all
propositions whose truth value might have changed as the result of the performed action.
To achieve completeness, the agent must add to the SOK all facts that become known. The
complexity of the SOK update, therefore, depends critically on the process of identifying
the propositions that must be retracted to preserve correctness. In our language, this
computation is reduced to computing e-difference, which has polynomial complexity.

To obtain the agent's SOK $s$ after performing an action $a$, we first remove all propositions
implied by the negation of the assert list, as only those propositions of $s$ might change
their values after $a$. Symbol $A^-(a)$ is used to denote the set of negations of propositions
in the assert list of $a$. For example, the action $a = mv(fig, /img, /tex)$ of moving file fig
from directory /img into /tex has assert list

$$A(a) = \{[\neg In(fig, /img)],\ In(fig, /tex)\},$$

and thus

$$A^-(a) = \{In(fig, /img),\ [\neg In(fig, /tex)]\}.$$

During the update we also remove from the SOK all redundant propositions, i.e. those
that follow from the effects of the action, and then add these effects to the new state. The
agent's SOK after executing action $a$ in the SOK $s$ is described below.

$$update(s, a) = ((s - A^-(a)) - A(a)) \cup A(a) \qquad (4.4)$$

Though it is not necessary, we include $- A(a)$ in (4.4) to keep the SOK simple. $- A(a)$
removes all propositions entailed by $A(a)$, not just those in $A(a)$.

Example 4.2. For an example, consider action $a = mv(fig, /img, /tex)$ introduced above.
Let $\mathcal{P}(a) = \{In(fig, /img)\}$, which states that fig must be in /img. Recall that
$A(a) = \{[\neg In(fig, /img)],\ In(fig, /tex)\}$ and $A^-(a) = \{In(fig, /img),\ [\neg In(fig, /tex)]\}$.

We begin with an SOK $s$, which states that fig and a.bmp are the only files in /img,
and that a.ps is the only Postscript file in the system, except for possibly files in directory
/img.

$$
s = \left\{
\begin{array}{l}
In(fig, /img),\ In(a.bmp, /img),\ T(a.ps, PS), \\
{[\neg In(x, /img) \text{ except } \{\{x = fig\}, \{x = a.bmp\}\}]}, \\
{[\neg In(x, d) \vee \neg T(x, PS) \text{ except } \{\{x = a.ps\}, \{d = /img\}\}]}
\end{array}
\right\}
$$

$a = mv(fig, /img, /tex)$ is executable in $s$, and as a result of computing $s - A^-(a)$, the
atom $In(fig, /img)$ is removed from $s$ and the exception $\{x = fig, d = /tex\}$ is added to
the second $\psi$-form. The first $\psi$-form is left intact, producing

$$
s - A^-(a) = \left\{
\begin{array}{l}
In(a.bmp, /img),\ T(a.ps, PS), \\
{[\neg In(x, /img) \text{ except } \{\{x = fig\}, \{x = a.bmp\}\}]}, \\
{[\neg In(x, d) \vee \neg T(x, PS) \text{ except } \{\{x = a.ps\}, \{d = /img\}, \{x = fig, d = /tex\}\}]}
\end{array}
\right\}
$$

Further e-difference with $A(a)$ and union with $A(a)$ yields the following SOK

$$
s' = \left\{
\begin{array}{l}
In(fig, /tex),\ In(a.bmp, /img),\ T(a.ps, PS), \\
{[\neg In(x, /img) \text{ except } \{\{x = fig\}, \{x = a.bmp\}\}]}, \\
{[\neg In(x, d) \vee \neg T(x, PS) \text{ except } \{\{x = a.ps\}, \{d = /img\}, \{x = fig, d = /tex\}\}]}, \\
{[\neg In(fig, /img)]}
\end{array}
\right\}
$$

Note that $s$ contained $\neg In(fig, /tex) \vee \neg T(fig, PS)$ and that we added $In(fig, /tex)$
when determining $s'$. If our update rule retained $\neg In(fig, /tex) \vee \neg T(fig, PS)$ in $s'$,
then in $s'$ we could perform resolution and conclude that $\neg T(fig, PS)$. However, this would be
wrong because we have no information on whether or not fig is a Postscript file. Instead,
our update rule removes any clause that is entailed by $\neg In(fig, /tex)$, and so $s'$ does not
contain $\neg In(fig, /tex) \vee \neg T(fig, PS)$.

This update rule (4.4) produces the same result as Winslett's update operator |1J
in the special case where actions are deterministic. Moreover, our rule accomplishes this
without considering all possible worlds corresponding to SOK $s$ explicitly, and thus is more
efficient.

We show next how the same rule is used for updating the state of knowledge after the
actions that create new objects$^5$.

Example 4.3. Consider an action of creating a new file named afile in directory /code with
effect $In(afile, /code)$ and no preconditions. When this action is executed in $s'$, the state
update rule yields the new SOK $s''$ that differs from $s'$ in the following way:

(1) $s''$ contains a new atom $In(afile, /code)$, reflecting the effect of the action added by
the update rule,

(2) the first $\psi$-form of $s'$ now has a new exception, reflecting the fact that it is
unknown whether afile has Postscript format. This is the result of the e-difference
$s' - \{[\neg In(afile, /code)]\}$.

$$
s'' = \left\{
\begin{array}{l}
In(afile, /code),\ In(fig, /tex),\ In(a.bmp, /img),\ T(a.ps, PS), \\
{[\neg In(x, d) \vee \neg T(x, PS) \text{ except } \{\{x = a.ps\}, \{d = /img\}, \{x = fig, d = /tex\}, \{x = afile, d = /code\}\}]}, \\
{[\neg In(x, /img) \text{ except } \{\{x = fig\}, \{x = a.bmp\}\}]}, \\
{[\neg In(fig, /img)]}
\end{array}
\right\}
$$

5 Note that discovering a new object is a different issue (since it assumes that the object always existed
in the domain and is therefore included in the universal quantification even prior to being discovered, which
is not true of a newly created object) that is also handled in PSIPLAN, however it is beyond the scope of
this paper.
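
The update rule (4.4) and the Saturate procedure of Figure 12, run on the paper's own examples, as an added Python sketch (not the authors' Common Lisp implementation). It assumes ground actions, covers only the single-literal image and e-difference that these two procedures need, and skips the precondition check; the names Psi, match, excepted, ediff, update, resolve, saturate, exceptions and the "?x" variable convention are introduced here.

```python
from dataclasses import dataclass

# A psi-form [~L1 v ... v ~Lk except {sigma_1, ...}] stands for every ground
# instance of its main clause except the instances selected by some sigma_i.
# Assumed encoding: atoms are tuples, terms starting with "?" are variables,
# and main-clause literals are stored without their negation sign.
@dataclass(frozen=True)
class Psi:
    main: tuple
    exc: frozenset = frozenset()  # each exception: frozenset of (var, value)

def match(lit, atom):
    """Substitution sigma with lit*sigma == atom (atom is ground), else None."""
    if lit[0] != atom[0] or len(lit) != len(atom):
        return None
    sigma = {}
    for p, g in zip(lit[1:], atom[1:]):
        if p.startswith("?"):
            if sigma.setdefault(p, g) != g:
                return None
        elif p != g:
            return None
    return sigma

def excepted(psi, sigma):
    """True when one exception already excludes every instance under sigma."""
    return any(all(sigma.get(v) == c for v, c in e) for e in psi.exc)

def ediff(psi, atom):
    """psi - [~atom]: retract the ground clauses of psi that contain ~atom.
    Returns the remaining psi-form, or None when nothing is left."""
    for lit in psi.main:
        sigma = match(lit, atom)
        if sigma is None or excepted(psi, sigma):
            continue
        if not sigma:  # lit is ground and equals atom: every instance goes
            return None
        psi = Psi(psi.main, psi.exc | {frozenset(sigma.items())})
    return psi

def update(atoms, psis, add, delete):
    """Rule (4.4) for a ground action with A(a) = add U {[~d] : d in delete},
    hence A^-(a) = delete U {[~b] : b in add}."""
    atoms = (set(atoms) - set(delete)) - set(add)  # atoms in A^-(a), then A(a)
    for b in list(add) + list(delete):  # clauses entailed by A^-(a), then A(a)
        psis = [q for q in (ediff(p, b) for p in psis) if q is not None]
    return atoms | set(add), psis + [Psi((d,)) for d in delete]

def resolve(psi, atom):
    """Unit resolvents of ground `atom` with psi, built from [~atom] |> psi.
    Yields None in place of an empty resolvent."""
    for lit in psi.main:
        sigma = match(lit, atom)
        if sigma is None or excepted(psi, sigma):
            continue
        rest = tuple((l[0],) + tuple(sigma.get(t, t) for t in l[1:])
                     for l in psi.main if l is not lit)
        if not rest:
            yield None
            continue
        # keep exceptions that agree with sigma, minus the variables it binds
        kept = {frozenset((v, c) for v, c in e if v not in sigma)
                for e in psi.exc if all(sigma.get(v, c) == c for v, c in e)}
        yield Psi(rest, frozenset(kept))

def saturate(atoms, psis):
    """Saturate(s) of Figure 12; returns None (fail) when s is inconsistent."""
    out, todo = list(psis), list(psis)
    while todo:
        psi = todo.pop()
        for a in atoms:
            for new in resolve(psi, a):
                if new is None:
                    return None
                if new not in out:
                    out.append(new)
                    todo.append(new)
    return out

def exceptions(*subs):
    """Build an exception set from dicts such as {"?x": "fig"}."""
    return frozenset(frozenset(s.items()) for s in subs)

# Constructed input: the SOK s of Example 4.2 and the action mv(fig, /img, /tex).
S_ATOMS = {("In", "fig", "/img"), ("In", "a.bmp", "/img"), ("T", "a.ps", "PS")}
S_PSIS = [
    Psi((("In", "?x", "/img"),), exceptions({"?x": "fig"}, {"?x": "a.bmp"})),
    Psi((("In", "?x", "?d"), ("T", "?x", "PS")),
        exceptions({"?x": "a.ps"}, {"?d": "/img"})),
]

def example_4_2():
    return update(S_ATOMS, S_PSIS, add={("In", "fig", "/tex")},
                  delete={("In", "fig", "/img")})

if __name__ == "__main__":
    atoms, psis = example_4_2()
    print(sorted(atoms))
    for p in psis:
        print(p.main, sorted(sorted(e) for e in p.exc))
```

Feeding the returned SOK back into `update` with `add={("In", "afile", "/code")}` and an empty `delete` reproduces Example 4.3.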

A factor that turns out to be critical for the use of PSIPLAN in planning is that the 
SOK resulting from updating a saturated SOK is also saturated. After the initial SOK of 
the agent is saturated, there is no need to consider resolution of the initial conditions and 
action effects in satisfying a goal. 

We call an SOK $s$ minimal if it is saturated and it does not contain any ground clause
entailed by some other clause in $s$, i.e. for any two ground clauses $p$, $q$ from $s$

$$(q \models p) \Rightarrow (q = p) \qquad (4.5)$$

Theorem 4.4. Let $a$ be a domain action and $s$ be an agent's SOK before executing $a$, where
$s$ is satisfiable and saturated, and $a$ is executable in $s$. Then the following state of knowledge
update rule

$$update(s, a) = ((s - A^-(a)) - A(a)) \cup A(a), \qquad (4.6)$$

is correct and complete. Moreover, the resulting SOK $s' = update(s, a)$ is saturated. It is
minimal if $s$ is minimal. □

Proof. We start by proving that the result of updating a saturated SOK is a saturated
SOK. We first show that if $s$ is saturated then $s_1 = ((s - A^-(a)) - A(a))$ is also saturated
(recall that $A^-(a)$ is used to denote the set of negations of propositions in the assert list
of $a$). Suppose this is not true, i.e. there's a ground PSIPLAN proposition $p$ such that,
while $s_1 \models p$, $\forall p' \in s_1\,.\,p' \not\models p$. Let $q$ be a smallest (non-empty)
subclause of $p$ such that $s_1 \models q$ (there might be several such $q$). Since
$s_1 \subseteq s$, $q$ must also be entailed by $s$, but $s$ is saturated, so there exists a $q'$
in $s$ such that $q' \models q$, i.e. $q' \subseteq q$.

$q' \notin s_1$ (otherwise $q'$ as a subclause of $p$ would entail $p$) so $q'$ must be entailed by
either $A(a)$ or $A^-(a)$. We abbreviate the union $A(a) \cup A^-(a)$ by $A^\circ(a)$. Since
$q' \in (A(a) \triangleright s) \cup (A^-(a) \triangleright s)$, there must be a literal $e$ in
$A^\circ(a)$ such that $e$ is a subclause of $q'$, and therefore, $e$ is a subclause of $q$. Note,
that since $s_1 \models q$, in case $q \notin s_1$ there must be a way of deriving $q$ by resolution
from some propositions of $s_1$, which is only possible when there exists a proposition $r$ in
$s_1$ such that $r$ contains $q$ as a subclause. This means that $r$ has $e$ as a
subclause, and consequently $r$ is entailed by $e$. But according to the definition of $s_1$, it
does not contain any clauses entailed by any clause in $A^\circ(a)$. We arrive at a contradiction,
so $s_1$ is saturated.

Adding $A(a)$, which consists of literals and is itself saturated, to $s_1$ also produces a
saturated state. Assume there is a proposition $q$ that is not entailed by either $s_1$ or some
element of $A(a)$, but is entailed by $s_1 \cup A(a)$. $q$ cannot be an atom, therefore it is a
negated clause. The only clauses that are not entailed by $A(a)$ and $s_1$ separately, but are
entailed by their union are those obtained via resolution of some atom $e \in A(a)$ with a ground
clause of the form $\neg e \vee x$ in $s_1$. But this is impossible, because
$A^-(a) \models \neg e \vee x$, so such clause would not be in $s_1$. We arrive at a contradiction.

In case $s$ was minimal, $s'$ is also minimal, because

• removing clauses from a minimal set preserves minimality, so $s_1$ is minimal, and

• $s' = s_1 \cup A(a)$ is minimal because

(1) $s_1$ does not contain any propositions entailed by any literal in $A^\circ(a)$,

(2) $A(a)$ is minimal, and

(3) $s_1$ does not entail anything in $A(a)$.

To prove that the update function is correct and complete, we need to show that for
$s' = update(s, a)$:

$$I(s') = do(a, I(s)). \qquad (4.7)$$

Completeness proof. We first show that $do(a, I(s)) \subseteq I(s')$, i.e. for every world $w$
in $I(s)$, its successor, $w' = do(a, w)$, is in $I(s')$. The set of possible worlds consists of
all and only worlds that model the agent's knowledge of the world, i.e. for any $s$
$I(s) = \{w \mid (p \in s) \Rightarrow w(p) = true\}$. Thus, to show that $w' \in I(s')$ we need to
prove, that for every proposition $p$ in $s'$, $w'(p) = true$.

Note that according to the world transition model, $w' = (w - A^\circ(a)) \cup A(a)$.

We partition $s'$ into $s'_1 = ((s - A^-(a)) - A(a))$ and $s'_2 = A(a)$. We partition $w'$ into
$w'_1 = w - A^-(a) - A(a)$ and $w'_2 = A(a)$. Since $w \in I(s)$, for every $p_1$ such that
$p_1 \in s'_1$, $w'_1(p_1)$. Also, for each $p_2 \in s'_2$, we have $w'_2(p_2)$. Therefore for every
$p$ such that $p \in s'$, $w'(p)$.

Correctness proof. Now we need to show that I(s') C do(a, I(s)), i.e. every possible 
world w' of s' has a predecessor w that is a possible world of s. We need to show that for 
every w' G I(s') there is a world w such that w' = (w — A°(a)) U ^4.(a) where ui is in I(s) 
and ^4° (a) denotes the union A(a) U A~(a). A possible world is a model of all propositions 
p such that p G s, i.e. w is in I(s) if and only if w models every such domain proposition p. 

The proof is by construction. Since s is saturated, for every proposition p that is implied 
by s, there's a single proposition g£s such that q \= p. 

STEP 1. Since w' = do(a,w) we need to include in w all literals of w' that are not in 
A(a), because those would not have changed as a result of the action. Let wq = w' — A(a) 
and w will include wq. 

STEP 2. We also include in w those literals from A{a)° that are known in s, i.e. the 
literals I G A°(a) such that I £ s. 

STEP 3. At this point every literal or its complement is included in $w$ except for
$l \in A^{\circ}(a)$ where neither $l$ nor $\neg l$ belongs to $s$. We now describe a procedure for
choosing either the literal or its complement for inclusion in $w$ from these "leftover"
literals. Suppose $\neg l$ is an arbitrary negated literal from this set. Further, let
$C = \neg l \triangleright s$. If there is a proposition in $C$ that is not already implied by some
$p$, where $p \in w$, then we must include $\neg l$ in $w$ in order to keep it accessible from $s$.
Otherwise we may include in $w$ either $l$ or $\neg l$.

The world $w$ is now completely specified and it is easy to verify that $w \in I(s)$, as well as
$w' = do(a, w)$. □

We should note that although the state update procedure above is defined for fully 
grounded actions, it does not mean that all PSIPLAN-based planners must work with fully 
grounded representations. For example, the partial order planner PSIPOP operates using 
action schemas and grounds action parameters only as needed. 

5. Related Work 

5.1. Representations for conformant planning. Representations used for reasoning
and planning in an open world can be broadly categorized as those that operate using the
set of all possible worlds, and those that rely instead on reasoning using a specification of
an incomplete state of knowledge. PSIPLAN, presented here, belongs to the second of these
categories.

Among the planning systems in the second category is a situation-calculus based planner
by Finzi et al. implemented in GOLOG [27]. The planning task is reduced to theorem
proving in situation calculus, and the authors present two approaches to theorem proving
from the initial state. One approach invokes a Davis-Putnam based theorem prover every
time entailment from the initial situation is checked. The other approach intends to minimize
the time spent checking entailment by precompiling the specification of the initial state
into its equivalent form containing all prime implicates of the original specification. (The
reduction to prime implicates is akin to PSIPLAN's saturation of the initial state.) From
the prime-implicate form further theorem proving is done by subsumption of clauses.

The foregoing is the only conformant planner that subsumes the state and goal language 
of PSIPLAN. However, the examples presented in the paper do not contain universally 
quantified disjunctive goals with exceptions that are handled by PSIPLAN. The generality of 
the situation-calculus permits any first-order specification of the initial and goal situations, 
and actions, however, at a price of the complexity of planning. In PSIPLAN, we have 
deliberately and significantly restricted the language for the sake of reduced complexity of 
reasoning. 

A subset of situation calculus with equality, which has a tractable, sound and, under
certain conditions, complete action progression procedure from an incompletely specified
state, is presented by Liu and Levesque. There are similarities between PSIPLAN
and the language of Liu and Levesque, in particular in the use of universally quantified
statements in the knowledge base. However, neither language subsumes the other in
expressive power.

Shirazi and Amir also address the problem of progressing a belief state encoded
in first-order logical sentences over a sequence of actions. They present special purpose 
algorithms for computing the progression, which they call logical filtering, in polynomial 
time. The polynomial time complexity of belief update is achieved for STRIPS and also 
permuting actions. An action is called permuting, if for each world w' there is at most one 
w such that do(a, w) = w', i.e. for every world potentially resulting from execution of action 
a, there is a unique "original" world state. PSIPLAN's actions are not permuting; however,
they are similar to STRIPS actions in the sense that the assert list of an action includes 
only those literals that change as the result of an action and there are no conditional effects. 
Thus, the polynomial time complexity of PSIPLAN's update procedure is consistent with 
the findings of Shirazi and Amir. 

Eiter et al. propose a (propositional) logic based planning language $\mathcal{K}$ for
planning with incomplete information as answer set programming. In this framework,
proposed originally by Lifschitz, a plan is the answer set of a logical program formulated
using a specialized logical language. $\mathcal{K}$ represents lack of knowledge using negation as
failure semantics. It supports both knowledge state and possible world planning. The authors
further distinguish between optimistic and secure (i.e. conformant) planning. Optimistic
plans may not be executable, due to their assumptions on the missing information. $\mathcal{K}$
supports conditional effects, but does not allow any universal quantification on goals or
state description.

Thielscher [37] presents FLUX - a logical programming framework for agent program
design in the presence of incomplete information and sensing. FLUX is based on fluent 
calculus and is implemented as a set of constraints, defining the domain, action update, 
agent's knowledge and action execution. The syntax of the language is carefully restricted 
to provide linear time evaluation of the constraints. The constraint language includes
universally quantified negated clauses, similar to the simple $\psi$-forms of PSIPLAN. However,
unlike PSIPLAN, the constraint solver assumes a finite domain, and does not represent 
exceptions to the universally quantified clauses. FLUX has nice computational properties, 
but it is not complete. Also differently from PSIPLAN, the FLUX framework is designed 
for programming the intended behavior of the agent via a designer-specified strategy, which 
defines the set of agent control rules, rather than the problem of automatically constructing 
a sequence of actions that will result in the achievement of the goal. 

Conformant Graphplan [35] and its extension to planning with sensing, SGP [10], are
propositional Graphplan-based open world planners that consider every possible world
and thus rely on the domain of objects being sufficiently small. However, in small domains
these planners are capable of generating remarkably long plans. Graphplan-based planners
perform a search in a space of graphs generated by forward-chaining in the state space,
and their performance degrades when the initial state contains a large number of irrelevant
atoms.

The CMBP planner is a conformant planner based on model checking. Like Conformant
Graphplan it performs a forward-chaining analysis, but relies on an effective way of encoding 
sets of possible worlds and its performance is less dependent on the amount of irrelevant 
information in the initial state. CMBP uses action representation in the form of non- 
deterministic state transition relations. 

An approach to conformant planning as a heuristic search in the space of belief states
that are sets of world states is presented by Bonet and Geffner. An admissible heuristic
function is computed based on the distance to the goal state under the assumption of 
complete information. The search produces an optimal plan, however the algorithm relies 
on the finiteness of the state space, which is not achievable when the domain of objects 
is infinite. The action language used is an extension of STRIPS that includes function 
symbols, negation, disjunction, non-deterministic actions and conditional effects. 

IPE, SENSE-P, XII [22] and PUCCINI [21] are causal link planners that interleave
planning with execution of incomplete plans. The action description language of PUCCINI,
SADL [23], includes actions with conditional and informational effects. However, to the best
of our knowledge there are no completeness results for conformant planning with SADL. 

PKS is a forward chaining planner based on a representation of the agent's knowledge
that captures a set of possible worlds via a set of knowledge formulas similarly to
PSIPLAN's SOK. The representation of Petrick and Bacchus includes functional symbols,
conditional plans and actions with conditional effects, all of which are not represented in
PSIPLAN for reasons of tractability. However, the PKS planner only admits ground
literals in its goal language and does not handle universally quantified negated goals. PKS
is also incomplete, but the authors report that it is able to generate plans in many domains.

The LCW (see introduction) language is extended in [28, 19] to handle exceptions.
Levy in [28] uses extended LCW sentences, called Local Completeness (LC) sentences, to
represent database completeness information and derive the answer completeness property of
a conjunctive query. This is analogous to computing whether a SOK entails a universally
quantified knowledge goal, where the SOK is given by the combination of relational tables
and the knowledge goal is to know all individual objects that satisfy a given query. Friedman
and Weld extend Levy's work for the purpose of eliminating redundant information
gathering from databases by an Internet agent. They present a method of determining
subsumption from LC sentences: whether a set of relational tables contains all information
available in another relational table. Thus, both of these works only consider the setting in
which there are no actions that can change the world, do not address a changing world or
planning, and do not present any methods that would make these extensions amenable to
their use in an open world planning algorithm, such as the image and e-difference operations
of PSIPLAN that are critical in the computation of state update after an action, causal
links and threat resolution.

5.2. Complexity. Complexity of propositional planning with incomplete information, with
and without sensing actions, has been addressed by many researchers (e.g. [21], [38]).
Results presented in these works, although for different state and action languages,
generally show that the complexity of constructing conformant plans of polynomial length 
is greater than planning with complete information, which is NP-complete. Though we 
have not proven the following formally, from the results of this paper it appears that: (a) 
checking whether a given plan (of polynomial length) solves a given problem in PSIPLAN 
can be done in polynomial time and, thus, (b) determining whether there exists a plan (of 
polynomial length) that solves a given problem in PSIPLAN is NP-complete. These results 
do not contradict the results of Baral et al., nor those of Turner, as we explain below;
the key to the reduced complexity of PSIPLAN-based planning compared to the analysis 
in these papers seems to be the absence of conditional effects. 

Baral et al. present complexity results for a variety of problems related to open world
planning with action language A. In particular, they show the problem of finding all solution
plans in presence of incomplete information and no sensing belongs to the class $\Sigma_2^P$. To
keep the complexity of planning with incomplete information within the NP-completeness
bounds, they propose a 0-approximation, which sacrifices completeness.

In PSIPLAN, as in the 0-approximation of Baral et al., the set of possible worlds is
represented by a set of propositions that are known to be true. However, unlike the action
language A used in Baral et al.'s work, PSIPLAN's action language does not allow for
conditional effects, and so all of an action's effects are guaranteed to be true after the
(executable) action is performed. In contrast, in action language A determining the effect of
the action and thus the resulting set of possible worlds sometimes requires an analysis of
possible values of unknown propositions. 0-approximation does not involve such analysis
and thus loses such plans.

For example, given no information at all and an action $a_0$ with conditional effect "$a_0$
causes $p$ if $\neg p$", a plan that consists of the single action $a_0$ achieves $p$, but it will be
missed by 0-approximation. Without the analysis of the result of performing $a_0$ in two possible
initial states (corresponding to the two different values of $p$), it is impossible to conclude
that $p$ is true after performing $a_0$. That is the reason why 0-approximation will miss it. In
PSIPLAN, there are no conditional effects, and so action $a_0$ from above cannot be represented.
Once executability of an action is determined, all effects are guaranteed and the set of possible
worlds is precisely described by the single updated state of knowledge. Thus, in PSIPLAN
completeness of conformant planning is preserved without an increase of complexity over
classical planning.
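The following added example (not the authors' Common Lisp implementation) works through both the state update theorem proved in the previous section and the $a_0$ example above, on a constructed ground domain of two fluents with no $\psi$-forms. It checks that the knowledge-state update for an unconditional action describes exactly $do(a, I(s))$, and that possible-world analysis of $a_0$ entails $p$ while a 0-approximation step leaves $p$ unknown; `zero_approx` is a simplified rendering of that approximation and all names are assumptions made for illustration.

```python
from itertools import product

FLUENTS = ("p", "q")  # constructed two-fluent ground domain (assumption)

def worlds(known):
    """I(s): every complete world that agrees with the known literals."""
    free = [f for f in FLUENTS if f not in known]
    return [dict(known, **dict(zip(free, vals)))
            for vals in product((True, False), repeat=len(free))]

def do(world, effects):
    """World transition; each effect is (fluent, value, condition), where
    condition is a dict of literals tested in the old world ({} = always)."""
    new = dict(world)
    for fluent, value, cond in effects:
        if all(world[f] == v for f, v in cond.items()):
            new[fluent] = value
    return new

def as_set(world_list):
    return {frozenset(w.items()) for w in world_list}

def progress(known, effects):
    """do(a, I(s)): successors of all possible worlds of the knowledge state."""
    return as_set(do(w, effects) for w in worlds(known))

def entailed_after(known, effects):
    """Literals that hold in every world of do(a, I(s))."""
    succ = [do(w, effects) for w in worlds(known)]
    return {f: succ[0][f] for f in FLUENTS
            if all(w[f] == succ[0][f] for w in succ)}

def update_unconditional(known, effects):
    """Ground case of s' = ((s - A^-(a)) - A(a)) U A(a): no worlds enumerated."""
    if any(cond for _, _, cond in effects):
        raise ValueError("conditional effects are not representable here")
    new = dict(known)
    for fluent, value, _ in effects:
        new[fluent] = value  # drops the complementary literal, asserts A(a)
    return new

def zero_approx(known, effects):
    """Simplified 0-approximation step over a three-valued state (assumption)."""
    new = dict(known)
    for fluent, value, cond in effects:
        if all(known.get(f) == v for f, v in cond.items()):
            new[fluent] = value              # condition known true
        elif all(known.get(f, v) == v for f, v in cond.items()):
            if new.get(fluent) != value:     # condition merely possible
                new.pop(fluent, None)        # fluent becomes unknown
    return new

ASSERT_P = [("p", True, {})]           # unconditional action: asserts p
A0 = [("p", True, {"p": False})]       # "a0 causes p if not p"

if __name__ == "__main__":
    s = {"q": False}                   # p unknown, q known false
    print(progress(s, ASSERT_P) == as_set(worlds(update_unconditional(s, ASSERT_P))))
    print(entailed_after({}, A0), zero_approx({}, A0))
```
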

Turner [38] presents a comprehensive complexity analysis of a set of planning problems
by using a very general framework for describing a planning problem. This framework
represents actions as state transition relations and integrates many action languages including
those with conditional effects, nondeterminism and concurrency. As in Baral et al., his
results on conformant planning consider actions that may have conditional effects, and are
more general than PSIPLAN's.

Haslum and Jonsson's paper [24] states a PSPACE-completeness result for the problem
of verifying existence of a conformant plan of unbounded length with STRIPS-like actions. 
This result is presented without proof and thus it is difficult to analyze it for the case of 
polynomially bounded-length plans. 

6. Conclusions 

Classical planning presupposes that complete and correct information about the world 
is available at any point of planning (by having a completely specified initial situation, and 
deterministic actions). However, in a more realistic setting, the knowledge about the initial 
state may be incomplete, the effects of actions may be nondeterministic, or there may be 
other agents acting in the world. These are some sources of uncertainty in planning. 

In this paper we dropped one of the assumptions of classical planning — the assumption 
of complete knowledge of the initial state of the world — thereby considering the problem 
of open world planning. We have presented PSIPLAN, a language for representing and 
reasoning in open world applications. PSIPLAN uses $\psi$-forms to represent infinite sets of
clauses of negated literals. We have shown the following.

• Our algorithm to determine entailment in PSIPLAN is sound and complete and has
polynomial complexity in the number of propositions in the state of knowledge under
certain assumptions on the structure of $\psi$-forms common for open world planning
problems. Operations image and e-difference between $\psi$-forms, which are crucial to
planning with quantified propositions, also have polynomial complexity.

• Updating the agent's state of knowledge after performing an action has polynomial 
complexity in the number of propositions in the state of the agent's knowledge. In 
addition, the update procedure correctly and completely describes the transition 
between possible worlds due to the action. 

Thus, PSIPLAN representation efficiently handles domains with an incomplete specification 
of the initial state without considering the set of all possible worlds, and does not require 
that the agent know the set of all objects. We implemented a partial order planning 
algorithm PSIPOP [2] for open worlds that uses PSIPLAN representation of state and 
actions. PSIPOP uses PSIPLAN calculus for reasoning about goal achievement. Since all 
of the PSIPLAN operations used by PSIPOP have only polynomial complexity, we argue 
informally that planning with PSIPLAN does not exceed the complexity of closed world 
STRIPS style planning. PSIGraph [12] is a GraphPlan-based planning algorithm which
uses PSIPLAN. 

Further evidence of the applicability of PSIPLAN representation for planning in open 
worlds with a large or infinite number of objects, is the use of PSIPOP's extension to 
planning with sensing and interleaved execution at the core of the Writer's Aid - a
collaborative bibliography assistant. Completeness and tractability of PSIPLAN's reasoning
and its ability to effectively handle initial information and goal statements universally
quantified over an infinite domain of objects ensured effective and non-redundant operation 
of the system, which were critically important in this application. 

Experimental results from the initial implementation of PSIPOP, as well as an
experimental assessment of the impact of various parameters of $\psi$-forms on the performance
of the entailment algorithm are presented in Results from the initial implementation
of PSIGraph planner are presented in [12]. We are currently working on optimizing the
performance of these two planners. A thorough experimental evaluation of PSIPOP and
PSIGraph is under way and we are planning on reporting it in a future paper.

In the future, we will extend PSIPLAN to allow function symbols, and we will publish 
already completed work that extends PSIPLAN to reasoning about the agent's knowledge 
goals and the effects of sensing actions. 